DevSecOps pipeline for a Python-based project using Jenkins, Ansible, AWS, and open-source security tools and checks.
A Jenkins end-to-end DevSecOps pipeline for a Python web application, hosted on an AWS Ubuntu 18.04 instance
Disclaimer: This project is for demonstration purposes only, with surface-level checks; do not use it as-is in production
Checkout project - check out the Python application repository, which deliberately contains an XSS vulnerability
git secret check - check that no passwords/tokens/keys/secrets have been accidentally committed to the project's GitHub repository
SCA - check that the external dependencies/libraries used by the project have no known vulnerabilities
SAST - static analysis of the application source code for exploitable bugs and vulnerabilities
Container audit - audit the container used to deploy the Python application
DAST - deploy the application, then register, log in, attack and analyse it from the frontend as an authenticated user
System security audit - analyse the security posture of the system hosting the application
WAF - deploy the application behind a WAF that filters malicious requests according to the OWASP Core Rule Set
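The stages above are the gates a commit has to pass; the "git secret check" stage is the first one that can fail a build. The block below is an added example of such a check, written for this page and not code from the PythonSecurityPipeline project or any of the open-source tools it wires in. It scans file contents (or the added lines of a git revision range) for fixed-format credentials and for long high-entropy tokens. The pattern set, the entropy threshold, the `settings.py` sample and the AWS placeholder keys (the public documentation examples) are all assumptions made for the illustration:

```python
"""Added example (not the project's own code): a minimal 'git secret check'
pipeline stage. Fixed patterns catch well-known credential formats; a
Shannon-entropy test catches random-looking tokens the patterns miss.
Exit status is non-zero when anything is found so Jenkins fails the build."""
import math
import re
import subprocess
import sys
from collections import Counter
from typing import Dict, List, Tuple

# Fixed-format secrets. Names and regexes are assumptions for this example.
PATTERNS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # No leading \b: names such as DB_PASSWORD must still match.
    "password_assignment": re.compile(r"(?i)(password|passwd|pwd)\s*[=:]\s*['\"][^'\"]{6,}['\"]"),
}

# Candidate tokens for the entropy test: 20+ base64/hex/identifier characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
# Bits per character; 4.5 keeps identifiers and URL paths below the bar
# while 40-character random keys land above it. Assumption: tune per repo.
ENTROPY_THRESHOLD = 4.5


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character of the string's symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str, path: str = "<stdin>") -> List[Tuple[str, int, str]]:
    """Return (path, line_no, reason) for every line that looks like a secret."""
    findings: List[Tuple[str, int, str]] = []
    for no, line in enumerate(text.splitlines(), start=1):
        for name, pat in PATTERNS.items():
            if pat.search(line):
                findings.append((path, no, name))
                break
        else:  # no fixed pattern hit: fall back to the entropy test
            for tok in TOKEN_RE.findall(line):
                if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                    findings.append((path, no, "high_entropy_token"))
                    break
    return findings


def scan_git_range(rev_range: str) -> List[Tuple[str, int, str]]:
    """Scan only the lines a commit range adds (git diff -U0, '+' lines).

    Line numbers reported here are positions within the diff, not the file.
    """
    diff = subprocess.run(
        ["git", "diff", "-U0", rev_range], capture_output=True, text=True, check=True
    ).stdout
    added = "\n".join(l[1:] for l in diff.splitlines()
                      if l.startswith("+") and not l.startswith("+++"))
    return scan_text(added, rev_range)


# Constructed sample input for the example; both keys are the AWS documentation
# placeholders, not real credentials.
SAMPLE = """\
# settings.py (constructed sample for the example)
DEBUG = False
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DB_PASSWORD = "hunter2-but-longer"
ALLOWED_HOSTS = ["app.example.com"]
"""

if __name__ == "__main__":
    # In the pipeline: python secret_check.py origin/master..HEAD
    hits = scan_git_range(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE, "settings.py")
    for path, no, reason in hits:
        print(f"{path}:{no}: {reason}")
    sys.exit(1 if hits else 0)
```

Run without arguments it scans the embedded sample and reports three findings (the access key ID by pattern, the secret key by entropy, the password by pattern); with a revision range such as `origin/master..HEAD` it scans only what the commits under test added, which is what a pre-merge stage wants. The entropy test is deliberately conservative: short or structured tokens (identifiers, repository paths) stay below the threshold, so a secret that is also short will only be caught by a matching fixed pattern.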
git clone https://github.com/pawnu/PythonSecurityPipeline.git
Edit the code to make it work in your AWS account
Run the setup script to create a CI/CD server with Jenkins and the pipeline ready to go
cd PythonSecurityPipeline
sudo sh setup-ubuntu.sh
http://your-jenkins-server:8080/
A sample pipeline is already provided and is created automatically by the setup script
To do list: