DevSecOps Studio is one of its kind, self hosted DevSecOps environment to help individuals,professionals in learning DevSecOps concepts. It takes lots of efforts to setup the environment for training/demos and more often, its error prone when done manually. DevSecOps Studio is easy to get started, pre-configured to most extent and used for our Practical DevSecOps Course at https://eracorp.io/devsecops/
DevSecOps Studio project aims to reduce the time to bootstrap the environment and help you in concentrating on learning DevSecOps practices with the below features.
- Easy to setup environment with few commands
- Covers Security as Code, Infrastructure as Code
- With built-in support for CI/CD pipeline, Docker registry (i.e. gitlab)
- Following environment can be used for Hardening infrastructure using ansible
- To test compliance as code using Inspec
- Ability to perform DAST scan using OWASP ZAP
- Can even run static check tools like bandit, brakeman,trufflehog, gitsecrets, etc.
Note:
- This repository is used as companion to our DevSecOps course.
- Also, the contents in the this repository vary from original repository.
- Summary of setup
- Dependencies
- DevSecOps Studio Installation
- What's included in the environment
- How to use the setup
- Todo Features
- Contribution guidelines
- Who do I talk to?
Install Vagrant, Virtualbox, Ansible and Follow the below steps.
# Download the code
$ git clone https://github.com/teacheraio/DevSecOps-Studio.git && cd DevSecOps-Studio
# Download the ansible dependency roles
$ ansible-galaxy install -r requirements.yml -p provisioning/roles
# Setup the environment, takes an hour or less based on your internet speed.
$ vagrant upGo grab some coffee while DevSecOps Studio does its job.
Yes, that's it, you just setup entire DevSecOps environment with three commands :)
Go ahead and read Practical DevSecOps Lessons on the wiki
DevSecOps Studio uses vagrant, virtualbox and ansible to setup the lab environment. You can visit the vendor's website to download the above software for on Windows/Linux/macOS.
DevSecOps Studio simulates the environment presented below.
- Atleast 8GB of RAM for the virtual machines and 16GB of memory on Host.
- 80GB of HDD Space.
- Intel i3 Processor or above.
- VirtualBox
Prerequisites can also be installed via homebrew on MAC OS X
Homebrew: Optional
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew cask install vagrantbrew cask install virtualboxbrew install ansibleInstall dependencies using apt-get
sudo apt-get install vagrant python3 python3-pippip install ansibleor
sudo apt install ansibleYou can see how it all fits in DevSecOps pipeline by reading out WIKI
The environment contains the following tools used in different stages of DevSecOps.
| Technology | Tools |
|---|---|
| PenTest Toolkit: | Nmap, Nikto |
| Static Analysis Tools: | bandit |
| Dynamic Analysis Tools: | ZAP proxy |
| Hardening: | DevSec Ansible OS Hardening |
| Operating System : | Ubuntu Jammy (22.04) & Focal Fossa (20.04) |
| Programming Languages: | Java, Python 2, Python 3, Ruby/Rails |
| Container Technology: | Docker |
| Source Code Management: | Gitlab (github like system) |
| CI Server: | Gitlab CI |
| Docker Registry: | Gitlab |
| Configuration Management: | Ansible |
| Cloud Provider Utilities: | AWS CLI |
| Utilities: | Git, Vim, curl, wget, |
- Provision the stack on AWS using vagrant.
- Build Images using Packer and upload to vagrant cloud.
- Add ELK and monitoring setup.
- Enable Jenkins based pipeline.
- Fork this repo.
- Contribute (documentation/features)
- Raise a Pull Request (PR)
-
DevSecOps Studio uses some of the ansible roles from Jeff
-
Thanks to Mohammed A. Imran @secfigo for all valuable contributions and building up DevSecOps studio lab setup.
- If you have any questions regarding this repo, please contact Raghunath G @raghuio