I

iac

Local KVM scout VM for Ubuntu 26.04 (Resolute Raccoon) beta validation. Pulumi + libvirt.

A fully automated 13-stage DevSecOps CI/CD pipeline that integrates security, compliance, and cloud-native deployment using GitLab CI and Amazon EKS.

The pipeline demonstrates real-world DevSecOps practices including:

• SAST, dependency, container, IaC, and Kubernetes manifest scanning • SBOM generation (CycloneDX) • Automated POA&M creation mapped to NIST controls • Evidence packaging for compliance audits • Secure image push to Amazon ECR • Deployment and validation on Amazon EKS • Full run-to-completion behavior (lab mode) with findings documented rather than blocking

This project showcases an end-to-end secure software supply chain workflow suitable for: cloud engineering, DevOps, cybersecurity, and compliance automation demonstrations.

Homebase is an Ansbile playbook that sets up a Fedora Silverblue system to meet the requirements of oyowtyddb13pfry8.

A lightweight Ansible role for deploying a Tuwunel-based Matrix homeserver.

a Terraform configuration for deploying a Ubuntu VM with Nginx in Yandex Cloud. It automates the setup of a VPC network, subnet, NAT gateway, security group, and a VM with a fixed IP.

My collection of terraform/opentofu modules

A Terraform project to build a Rocky Linux droplet in Digital Ocean.

A local Infrastructure-as-Code (IaC) development environment for security and compliance validation. The current iteration uses Terraform and AWS emulation via LocalStack, focusing on IAM roles, secrets management, S3 access control and regulatory policies (e.g., GDPR/HIPAA). Implemented constrained DevSecOps practices within a local development context.

Atlas Architect: Your AI Co-pilot for Secure Cloud Infrastructure

This project is an AI-powered DevSecOps agent that lives within GitLab. It proactively analyzes Infrastructure-as-Code (IaC) files, specifically Terraform, to automatically visualize, secure, and optimize a developer's Google Cloud architecture before it's ever deployed.

When a developer submits a Merge Request with Terraform changes, a CI/CD pipeline triggers the agent to post a detailed analysis back as a comment. This provides instant visibility and governance, helping teams build better, safer cloud infrastructure, faster.

Key Features:

AI-Powered Visualization: Generates architecture diagrams from Terraform code using Google's Vertex AI. Security & Cost Analysis: Identifies security vulnerabilities and cost inefficiencies based on best practices. Intelligent Remediation: Automatically suggests code changes to fix identified issues. Vector-Powered Knowledge Base: Uses a MongoDB Atlas Vector Search index of official Google Cloud documentation to provide highly relevant, context-aware explanations for its recommendations.

Core Technologies:

Platform: GitLab CI/CD, Google Cloud Platform (GCP), MongoDB Atlas Services: Google Cloud Run, Google Cloud Build, Google Vertex AI, MongoDB Atlas Vector Search Frameworks & Languages: Python, Flask, Gunicorn

Containerimage for opentofu

Fedora Workstation 42 configuration using Ansible

OwnLab Modules - A collection of open-source projects with IaC-based solutions for seamless deployment in your own private lab.

Mirrors list:

https://github.com/HJHPio/OwnLab-Modules

https://gitlab.com/HJHPio/OwnLab-Modules

Parent project: OwnLab

IaC for the aorps blog

Veracode Container/IaC/Secrets Scanning Component This Veracode Container/IaC/Secrets Scanning Component runs the Veracode-CLI on any GitLab pipeline

About The Container/IaC/Secrets Scanning Component is designed to be used in a CI/CD pipeline to scan a local folder, remote repository, image or archive for 3rd party library vulnerabilities, infrastructure as code misconfigurations and stored secrets.

For more information on Pipeline Scan visit Veracode Help Center Page: https://docs.veracode.com/r/Veracode_Container_Security

Mirror for devguard-ci-components

DevGuard simplifies vulnerability management for developers by integrating key security practices directly into the CI/CD workflow. With DevGuard, you can seamlessly perform tasks such as Software Composition Analysis (SCA) and Container Scanning, ensuring that vulnerabilities are detected and addressed early in your pipeline.

GitLab group and project configuration as code.