No description
- HTML 55%
- Java 45%
|
Deven Phillips
897c6c893d
Fixing one of the template references |
||
|---|---|---|
| inventory | Fixing one of the template references | |
| src | Retrofit to JUnit 4 | |
| .gitignore | Updated Jenkinsfile for JaCoCo coverage report | |
| DemoScript.md | Added initial demo script | |
| Jenkinsfile | Fix pvc for Maven slave | |
| pom.xml | Copy new settings from Step_2 | |
| README.md | Fixed remaining issues | |
| requirements.yml | Updated Jenkinsfile for JaCoCo coverage report | |
Innovation Labs Security & Compliance Demo
Overview
This project demonstrates some of the features we can provide in a Labs residency around security and compliance analysis in a DevOps environment.
- OWASP Zed Attack Proxy
- OWASP Dependency Check
- SonarQube Static Analysis
Prerquisites
- Ansible (>= 2.4)
- Ansible-Galaxy
- OpenShift Container Platform CLI (oc)
- An OpenShift cluster where this demo can be deployed (OCP >= 3.6)
Deploying this demo
- This demo takes some time to prepare/deploy
- This demo cannot be deployed LIVE during a talk
- Check out this repository
- Install casl-ansible using Ansible Galaxy
ansible-galaxy install --roles-path . -r requirements.yml
- Log on to an OpenShift cluster where the demo will be run
oc login -u <username> <OCP Master URL>
- Deploy the application and CI/CD environment to OpenShift
ansible-playbook --connection=local -i inventory casl-ansible/playbooks/openshift-cluster-seed.yml
Running this demo
- When the demo is first deployed, the CI/CD environment will be deployed
- Could take as long as 30 minutes
- Once the CI/CD environment is deployed, the Spring application will be built
- Manual approval to deploy to the
Demoenvironment will be required
- Manual approval to deploy to the
- The initial build of the application WILL fail
- This is intentional... The initial build has insecure dependencies and insecure web semantics
- The first step is to show the failed build and show the reasons for the failed build
- Log in to Jenkins, display the OWASP Dependency Check Report
- Fix the dependency check problem by switching to the
Step_1branch - Trigger the pipeline to rebuild
- Show that the build failed because of the ZAP scan finding insecure practices in the web app
- Fix the ZAP scan issue by switching to the
Step_2branch - Trigger the pipeline to rebuild
- Show that the build now passes both scans