Skip to content

thanakritks/automated

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Automated DevSecOps with Golang

This project demonstrates a simple Golang web server integrated with a DevSecOps pipeline using GitHub Actions. The pipeline includes static code analysis, container security scanning, and dynamic application security testing (DAST).

Project Structure

├── Dockerfile
├── go.mod
├── main.go
├── readme.md
└── .github/
└── workflows/
└── security_scan.yml

Getting Started

Prerequisites

  • Golang installed on your local machine
  • Docker installed on your local machine
  • GitHub account

Installation

  1. Clone the repository:

    git clone https://github.com/yourusername/automated-devsecops-golang.git
    cd automated-devsecops-golang
  2. Install dependencies:

    go mod tidy

Running the Web Server

To run the web server locally, use the following command:

go run main.go

The server will start on http://localhost:8080.

Building the Docker Image

To build the Docker image, use the following command:

docker build -t yourusername/automated-devsecops-golang .

Running the Docker Container

To run the Docker container, use the following command:

docker run -p 8080:8080 yourusername/automated-devsecops-golang

GitHub Actions Pipeline

This project uses GitHub Actions for CI/CD. The pipeline is defined in .github/workflows/security_scan.yml and includes the following steps:

  1. Static Code Analysis: Uses golangci-lint to perform static code analysis.
  2. Container Security Scanning: Uses Trivy to scan the Docker image for vulnerabilities.
  3. Dynamic Application Security Testing (DAST): Uses OWASP ZAP to perform dynamic security testing on the running application.

Contributing

Contributions are welcome! Please open an issue or submit a pull request for any changes.

License

This project is licensed under the MIT License.

About

Example basic DevSecOps automated for CI/CD

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published