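--- a/devsecops_pipeline.py
+++ b/devsecops_pipeline.py
@@ -0,0 +1,64 @@
+import os
+import subprocess
+import sys
+
+# Helper function to run shell commands
+def run_command(command, cwd=None):
+result = subprocess.run(command, shell=True, cwd=cwd, text=True, capture_output=True)
+if result.returncode != 0:
+print(f"Error: Command '{command}' failed with exit code {result.returncode}")
+print(result.stdout)
+print(result.stderr)
+sys.exit(result.returncode)
+return result.stdout
+
+# Static Code Analysis and Code Coverage (using SonarQube)
+def run_sonarqube_analysis(path):
+print("Running SonarQube for static code analysis and code coverage...")
+run_command(f"sonar-scanner -Dsonar.projectBaseDir={path}")
+
+# Dependency Checking (using Safety)
+def run_safety():
+print("Running Safety for dependency checking...")
+run_command("safety check --full-report")
+
+# Secret Scanning (using TruffleHog)
+def run_trufflehog(path):
+print("Running TruffleHog for secret scanning...")
+run_command(f"trufflehog {path}")
+
+# Infrastructure as Code Scanning (using Terraform and Snyk)
+def run_terraform_scan(path):
+print("Running Snyk for Terraform IaC scanning...")
+run_command(f"snyk iac test {path}")
+
+# Code Coverage and Linting (using Pylint)
+def run_pylint(path):
+print("Running Pylint for code linting...")
+run_command(f"pylint {path}")
+
+# Main function to orchestrate the DevSecOps pipeline
+def main():
+project_path = os.getcwd()
+
+# Static Analysis and Code Coverage with SonarQube
+run_sonarqube_analysis(project_path)
+
+# Dependency Checking
+run_safety()
+
+# Secret Scanning
+run_trufflehog(project_path)
+
+# Terraform IaC Scanning
+terraform_path = os.path.join(project_path, 'terraform')
+if os.path.exists(terraform_path):
+run_terraform_scan(terraform_path)
+
+# Linting
+run_pylint(project_path)
+
+print("DevSecOps pipeline completed successfully!")
+
+if __name__ == "__main__":
+main()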
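Review bot: `run_command` passes every command to `subprocess.run(..., shell=True)`, and four of the five callers build that command by interpolating `path`, which comes from `os.getcwd()`. A checkout directory whose name contains a space or a shell metacharacter is therefore re-parsed by the shell, so the scanner either runs against the wrong target or the shell executes text taken from the path. Passing an argv list and dropping `shell=True` removes the shell from the pipeline; the call sites change as shown below, and the error message would then print the list form of the command. Separately, the captured stdout is returned but no caller uses it, so output from a scanner that exits 0 is never shown.

```python
def run_command(command, cwd=None):
    # command is an argv list; no shell parses it
    result = subprocess.run(command, cwd=cwd, text=True, capture_output=True)
    # … unchanged: return-code check, output printing, sys.exit, return …

# … unchanged: comments and progress prints in each wrapper …
run_command(["sonar-scanner", f"-Dsonar.projectBaseDir={path}"])
run_command(["safety", "check", "--full-report"])
run_command(["trufflehog", path])
run_command(["snyk", "iac", "test", path])
run_command(["pylint", path])
```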