z-devsecops-cloud is a DevSecOps tool that automates vulnerability scanning and container management within a CI/CD pipeline.
Zenika Lille - Mathis - end-of-study internship 2023
This tool is designed for developers and DevOps teams who want to integrate security practices into their CI/CD workflows. It automates the scanning of source code and container images for vulnerabilities, ensuring that applications are secure before deployment.
Make sure to configure the environment variables correctly for Google Cloud and the Artifact Registry.
Ensure your repository is public for SARIF file uploads.
Set up Google Cloud authentication for Docker.
Install Maven for Java application building.
mvn -B --update-snapshots package --file ${{ env.BACKEND }}/pom.xml
Builds the Java backend with Maven in non-interactive batch mode (-B), refreshing snapshot dependencies, using the pom.xml under the BACKEND directory.
docker build -t "${{ env.ARTIFACT_REGISTRY }}/frontend:pr-${{ env.PR_NUMBER }}" ${{ env.FRONTEND }}
Builds the Docker image for the frontend.
docker build -t "${{ env.ARTIFACT_REGISTRY }}/backend:pr-${{ env.PR_NUMBER }}" ${{ env.BACKEND }}
Builds the Docker image for the backend.
cosign sign --yes --key ${{ env.KMS }} ${{ env.ARTIFACT_REGISTRY }}/frontend:pr-${{ env.PR_NUMBER }}
Signs the frontend Docker image with the key referenced by KMS, so that the image's integrity and origin can be verified before deployment.
docker push ${{ env.ARTIFACT_REGISTRY }}/frontend --all-tags
Pushes the frontend Docker image to Google Artifact Registry.
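The pipeline above uploads scan results as SARIF; a deployment gate still has to read that file and decide whether the build may proceed. The following added example (written for this page, not part of z-devsecops-cloud) parses a constructed SARIF 2.1.0 document, buckets each finding by the rule's security-severity score (falling back to the result level when a rule carries no score), and returns a pass/fail decision against a configurable threshold. The scanner name, rule ids and findings are all constructed sample data.

```python
"""SARIF severity gate for a CI job (added example; sample data is constructed)."""
import json

# Constructed SARIF 2.1.0 report standing in for a real scanner upload.
# Rule ids are placeholders, not real advisories; one result references a
# rule that is absent from the rules list to exercise the level fallback.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "EXAMPLE-0001", "properties": {"security-severity": "9.8"}},
            {"id": "EXAMPLE-0002", "properties": {"security-severity": "5.3"}},
            {"id": "EXAMPLE-0003", "properties": {"security-severity": "2.0"}},
        ]}},
        "results": [
            {"ruleId": "EXAMPLE-0001", "level": "error", "message": {"text": "critical dep"}},
            {"ruleId": "EXAMPLE-0002", "level": "warning", "message": {"text": "medium dep"}},
            {"ruleId": "EXAMPLE-0003", "level": "note", "message": {"text": "low dep"}},
            {"ruleId": "EXAMPLE-0002", "level": "warning", "message": {"text": "medium again"}},
            {"ruleId": "UNLISTED-0009", "level": "error", "message": {"text": "no score"}},
        ],
    }],
})

# Result level to bucket when the rule has no security-severity property.
LEVEL_FALLBACK = {"error": "high", "warning": "medium", "note": "low", "none": "low"}


def score_bucket(score):
    """Map a CVSS-style 0-10 score to the usual four severity buckets."""
    s = float(score)
    return "critical" if s >= 9.0 else "high" if s >= 7.0 else "medium" if s >= 4.0 else "low"


def severity_counts(sarif_text):
    """Count findings per bucket across every run in the SARIF document."""
    doc = json.loads(sarif_text)
    counts = {"critical": 0, "high": 0, "medium": 0, "low": 0}
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            score = rules.get(res.get("ruleId"), {}).get("properties", {}).get("security-severity")
            bucket = score_bucket(score) if score is not None else LEVEL_FALLBACK.get(res.get("level"), "low")
            counts[bucket] += 1
    return counts


def gate(sarif_text, max_critical=0, max_high=0):
    """Return (passed, counts); the job should fail when passed is False."""
    counts = severity_counts(sarif_text)
    return counts["critical"] <= max_critical and counts["high"] <= max_high, counts
```

In a workflow step, call gate() on the SARIF file the scanner wrote and exit non-zero when it returns False, so the push and signing steps never run for an image with unaccepted findings.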