L3m0nb4tt3ry/DevSecOps-Studio

Welcome to DevSecOps Studio Project!


DevSecOps Studio is a one-of-a-kind, self-contained DevSecOps environment/distribution to help individuals learn DevSecOps concepts. Setting up an environment for training or demos takes a lot of effort and is often error-prone when done manually. DevSecOps Studio is easy to get started with, mostly automatic, and battle-tested during our Free Practical DevSecOps Course at https://www.teachera.io/devsecops-course/

The DevSecOps Studio project aims to reduce the time needed to bootstrap the environment and help you concentrate on learning/teaching DevSecOps practices, with the following features.

  1. Easy-to-set-up environment with just one command, “vagrant up”
  2. Teaches Security as Code, Compliance as Code, Infrastructure as Code
  3. Built-in support for a CI/CD pipeline
  4. OS hardening using Ansible
  5. Compliance as code using Inspec
  6. QA security using ZAP, BDD-Security and Gauntlt
  7. Static tools like bandit, brakeman, findbugs, gitrob, gitsecrets
  8. Security monitoring using the ELK stack

Note:

  • If you wish to join our free course, please click on Join the course in the above link.

How do I get set up?

Summary of Setup

TL;DR

Install Vagrant, VirtualBox and Ansible, then follow the steps below.

# Download the code
$ git clone https://github.com/teacheraio/DevSecOps-Studio.git && cd DevSecOps-Studio

# Download the ansible dependency roles
$ ansible-galaxy install -r requirements.yml -p provisioning/roles

# Setup the environment, takes an hour or less based on your internet speed.
$ vagrant up

Go grab some coffee while DevSecOps Studio does its job.

Yes, that's it, you just set up an entire DevSecOps environment with three commands :)

Go ahead and read Practical DevSecOps Lessons on the wiki

Details

DevSecOps Studio uses Vagrant, VirtualBox and Ansible to set up the lab environment. You can visit each vendor's website to download the above software for Windows/Linux/macOS.

DevSecOps Studio simulates the environment presented below.

Software

Hardware

  • At least 4GB of RAM for the virtual machines.
  • 60GB of HDD Space.
  • Intel i3 Processor or above.

Dependencies

MacOS (optional)

Prerequisites can also be installed via Homebrew on macOS.

Homebrew: Optional

 /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Vagrant

brew cask install vagrant

Virtualbox

brew cask install virtualbox

Ansible

brew install ansible

Linux

Install with curl (run as root)

curl -O https://raw.githubusercontent.com/raghuone/DevSecOps-Studio/master/setup/Linux_DevSecOps_Setup.sh && chmod +x Linux_DevSecOps_Setup.sh && ./Linux_DevSecOps_Setup.sh;
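The one-liner above downloads the script from the master branch and runs it as root in a single step, so whatever that URL serves at that moment is what executes. The following is an added example, not part of the DevSecOps Studio project: it runs a downloaded installer only if it still matches a SHA-256 you recorded when you reviewed it, which is useful when the same script is reused across several lab machines. The function names are hypothetical, this page publishes no checksum (so the pin is your own), and the demo uses a locally constructed stand-in script.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Intended flow for the README's script:
#   curl -fsSLO <installer URL from the README>   # download only, do not execute
#   less Linux_DevSecOps_Setup.sh                 # review what will run as root
#   sha256_of Linux_DevSecOps_Setup.sh            # record this value as your pin
#   run_if_verified Linux_DevSecOps_Setup.sh "<PINNED_SHA256>" bash

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Returns 0 on match, 1 on mismatch, 2 on unusable input (missing file, bad pin).
verify_pinned() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
  # A pin is exactly 64 hex characters; this also rejects an unfilled placeholder.
  case "$expected" in *[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;; esac
  [ "${#expected}" -eq 64 ] || { echo "pin must be 64 hex chars" >&2; return 2; }
  actual=$(sha256_of "$file")
  [ "$actual" = "$expected" ] && return 0
  echo "digest mismatch: got $actual" >&2
  return 1
}

# Execute FILE with the given interpreter (default sh) only when it matches PIN.
run_if_verified() {
  verify_pinned "$1" "$2" || return $?
  "${3:-sh}" "$1"
}

# Constructed demo: a stand-in installer created locally, nothing is downloaded.
demo() {
  local tmp pin rc=0
  tmp=$(mktemp)
  printf 'echo "installer ran"\n' > "$tmp"
  pin=$(sha256_of "$tmp")                 # recorded after reviewing the file
  run_if_verified "$tmp" "$pin" || rc=$?
  printf 'echo "tampered"\n' >> "$tmp"    # simulate the upstream content changing
  run_if_verified "$tmp" "$pin" && rc=99  # must not run: digest no longer matches
  rm -f "$tmp"
  return "$rc"
}
demo
```

A mismatch exits with status 1 before anything is executed, so the wrapper can be dropped into a provisioning script that stops on the first failure.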

or

Install dependencies using apt-get

Virtualbox

sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -

sudo apt update

sudo apt install virtualbox

Vagrant

sudo apt-get install vagrant python2 python2-pip

Ansible

pip install ansible

Windows (optional)

The easiest solution for Windows users is to use the DevSecOps Studio VirtualBox Appliance.

  1. Download DevSecOps-Studio Appliance (4.45 GB) from this link

  2. Import the above Appliance by following these steps

Alternatively, installation can be done using Chocolatey by opening a command prompt and running the following command.

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

Install dependencies using choco

choco install vagrant virtualbox git -y 

Install ansible via pip

Installing Ansible on Windows is not straightforward; please follow these instructions to install Cygwin and then install Ansible.

choco install python2 -y #Installs python 2.7.x, includes pip under scripts folder of python27
pip install ansible

Installation

  1. Clone this repo or download the zip.

    $ git clone https://github.com/teacheraio/DevSecOps-Studio.git
  2. cd into the directory and check which boxes are available.

    $ cd DevSecOps-Studio && vagrant status
  3. Download the required Ansible dependencies.

    $ ansible-galaxy install -r requirements.yml
  4. Edit the machines.yml file to make any changes; if you are not sure, leave the defaults. Then bring the environment up and go grab some coffee while it builds :)

    $ vagrant up

You can see how it all fits into a DevSecOps pipeline by reading our wiki.

How to use the setup

What's included in the environment?

The environment contains the following tools used in different stages of DevSecOps.

Technology: Tools
PenTest Toolkit: Nmap, Metasploit
Static Analysis Tools: Brakeman, bandit, findbugs
Dynamic Analysis Tools: ZAP proxy, Gauntlt
Hardening: DevSec Ansible OS Hardening
Compliance: Inspec
Operating System: Ubuntu Xenial (16.04)
Programming Languages: Java, Python 2, Python 3, Ruby/Rails
Container Technology: Docker
Source Code Management: Gitlab (github like system)
CI Server: Gitlab CI/Jenkins
Configuration Management: Ansible
Monitoring and Log management: Elastic Search, LogStash and Kibana
Cloud Provider Utilities: AWS CLI
Utilities: Git, Vim, curl, wget

Todo Features

  • Provision the stack on AWS using vagrant.
  • Build Images using Packer and upload to vagrant cloud.
  • Add Ansible Testing using molecule.
  • Add Container scanning using clair.
  • Add Inspec for compliance.

Contribution guidelines

  • Fork this repo.
  • Contribute (documentation/features)
  • Raise a Pull Request (PR)

Credits

DevSecOps Studio uses some of the ansible roles from Jeff

Who do I talk to?

  • If you have any questions regarding this repo, please contact Mohammed A. Imran @secfigo and Raghunath G @raghunath24

About

Virtual environment for learning DevSecOps
