DevSecOps Health Dashboard

A simple DevSecOps implementation featuring a health metrics dashboard with security scanning, monitoring, and observability.

🏗️ Architecture

![ Project-Architecture] (https://github.com/nshivakumar1/devsecops-project/blob/main/Project-Architecture.png)

Screenshots

! [Dashboard Screenshot] (https://github.com/nshivakumar1/devsecops-project/blob/main/Screenshots/Dashboard%20Screenshot.png) ! [Github Actions-succesful] (https://github.com/nshivakumar1/devsecops-project/blob/main/Screenshots/Github%20Actions-successful%20deployment.png) ! [Grafana Dashboard] (https://github.com/nshivakumar1/devsecops-project/blob/main/Screenshots/Grafana%20Dashboard.png) ! [Github Actions Failure Deployment] (https://github.com/nshivakumar1/devsecops-project/blob/main/Screenshots/Github%20Actions%20Failure%20Deployments.png)

🚀 Quick Start

# Clone the repository
git clone <repository-url>
cd devsecops-health-dashboard

# Run the setup script
chmod +x setup.sh
./setup.sh

🌐 Access Points

Service	URL	Credentials
Web App	http://localhost:3000	-
Prometheus	http://localhost:9090	-
Grafana	http://localhost:3001	admin/admin123

📊 Key Features

🔧 Web Application

Health Endpoints: /health, /metrics
Load Simulation: /simulate-load
Prometheus Integration: Custom metrics collection
Docker Health Checks: Automated container health monitoring

🔍 Security Scanning

Trivy Integration: Vulnerability scanning for containers
Configuration Scanning: Docker Compose security analysis
Secret Detection: Repository-wide secret scanning
Automated Reports: Security scan results and recommendations

📈 Monitoring & Observability

Prometheus Metrics:
- HTTP request rates and duration
- Application uptime
- Memory usage
- Custom business metrics
Grafana Dashboards:
- Real-time health visualization
- Performance metrics
- System resource monitoring

🛠️ Tech Stack

Containerization: Docker & Docker Compose
Security: Trivy vulnerability scanner
Monitoring: Prometheus metrics collection
Visualization: Grafana dashboards
Application: Node.js with Express
Metrics: Prometheus client library

📁 Project Structure

devsecops-health-dashboard/
├── webapp/                 # Node.js health dashboard app
│   ├── Dockerfile         # Container configuration
│   ├── package.json       # Dependencies
│   └── app.js            # Main application
├── prometheus/            # Metrics collection config
│   └── prometheus.yml    # Prometheus configuration
├── grafana/              # Dashboard configuration
│   ├── dashboards/       # Dashboard definitions
│   └── provisioning/     # Auto-provisioning config
│       ├── dashboards/   # Dashboard provisioning
│       └── datasources/  # Datasource provisioning
│           └── datasources.yml  # Prometheus datasource config
├── docker-compose.yml    # Service orchestration
├── security-scan.sh      # Security scanning script
├── setup.sh             # Quick setup script
├── .gitignore           # Git ignore patterns
└── README.md            # This file

🔨 Manual Setup

Prerequisites

Docker & Docker Compose
curl (for testing)
jq (optional, for JSON formatting)

Step by Step

Start Services
```
docker-compose up --build -d
```

Run Security Scan

chmod +x security-scan.sh
./security-scan.sh

Test the Application

curl http://localhost:3000/health
curl http://localhost:3000/metrics

Generate Test Traffic

for i in {1..10}; do 
  curl http://localhost:3000/simulate-load
done

📊 Available Metrics

Application Metrics

http_requests_total - Total HTTP requests by method, route, status
http_request_duration_seconds - Request duration histogram
app_uptime_seconds - Application uptime in seconds

System Metrics

process_resident_memory_bytes - Memory usage
process_cpu_seconds_total - CPU usage
nodejs_heap_size_total_bytes - Node.js heap size

🔐 Security Features

Vulnerability Scanning

Container Images: Scans for known CVEs
Dependencies: Checks for vulnerable packages
Configuration: Reviews Docker and Compose security
Secrets: Detects exposed credentials

Security Best Practices

Non-root container execution
Minimal base images (Alpine Linux)
Health check implementation
Environment-based configuration
Network isolation between services

🧪 Testing

Health Check Endpoints

# Application health
curl http://localhost:3000/health

# Prometheus metrics
curl http://localhost:3000/metrics

# Load simulation
curl http://localhost:3000/simulate-load

Service Status

# Check all services
docker-compose ps

# View logs
docker-compose logs webapp
docker-compose logs prometheus
docker-compose logs grafana

🔧 Configuration

Environment Variables

NODE_ENV - Application environment (development/production)
GF_SECURITY_ADMIN_USER - Grafana admin username
GF_SECURITY_ADMIN_PASSWORD - Grafana admin password

Customization

Metrics: Modify webapp/app.js to add custom metrics
Dashboards: Edit grafana/dashboards/health-dashboard.json
Alerts: Configure in prometheus/prometheus.yml

🚨 Troubleshooting

Common Issues

Services not starting

docker-compose logs
docker-compose ps

Port conflicts

# Edit docker-compose.yml to change ports
# For example, change 3000:3000 to 3002:3000

Grafana dashboard not loading

# Wait 2-3 minutes for provisioning
# Check grafana logs
docker-compose logs grafana

Trivy not found

# Install Trivy manually
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin

Useful Commands

# Restart all services
docker-compose restart

# Rebuild without cache
docker-compose build --no-cache

# Clean up everything
docker-compose down -v
docker system prune -f

# Update images
docker-compose pull

📈 Monitoring Guide

Prometheus Queries

# Request rate
rate(http_requests_total[5m])

# Error rate
rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m])

# Memory usage
process_resident_memory_bytes / 1024 / 1024

# Uptime
app_uptime_seconds / 3600

Grafana Dashboard Features

Real-time request metrics
Memory and CPU usage graphs
Application uptime tracking
Error rate monitoring
Response time distribution

🔄 CI/CD Integration

This project is designed to integrate with CI/CD pipelines:

# Example GitHub Actions step
- name: Security Scan
  run: |
    docker build -t app:latest ./webapp
    trivy image --exit-code 1 --severity HIGH,CRITICAL app:latest

📚 Next Steps

Enhancements

Add alerting rules in Prometheus
Implement log aggregation with ELK stack
Add database metrics
Implement distributed tracing
Add performance testing
Implement blue-green deployment

Security Improvements

📄 License

MIT License - see LICENSE file for details.

🤝 Contributing

Fork the repository
Create a feature branch
Make your changes
Run security scans
Submit a pull request

📞 Support

For issues and questions:

Check the troubleshooting section
Review Docker Compose logs
Open an issue in the repository

Built with ❤️ for DevSecOps practices

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
.github/workflows		.github/workflows
Screenshots		Screenshots
grafana		grafana
prometheus		prometheus
webapp		webapp
.gitignore		.gitignore
Project-Architecture.png		Project-Architecture.png
README.md		README.md
docker-compose.yml		docker-compose.yml
security-scan.sh		security-scan.sh
setup.sh		setup.sh
validate-security.sh		validate-security.sh

nshivakumar1/devsecops-project

Folders and files

Latest commit

History

Repository files navigation