Skip to content

Releases: rcarrata/devsecops-demo

v1.2.0

22 Sep 19:01
@rcarrata rcarrata
v1.2.0
48a2308
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.0 Latest
Latest

Fixed Secured Cluster.
Bump versions of Build Images
Fixed minor bugs

Assets 2

v1.1.0

17 Jul 13:19
@rcarrata rcarrata
v1.1.0
f15f140
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.0

Extended Lab adding the following features:

  • Added ACS Policy for Signing Violation
  • Added Quay to store signed Artifacts
  • Added Tekton Chaining for build pipeline violation
  • Added Cosign Signing
  • Updated Readme to reflect feature changes

Big thank you @MoOyeg for this contribution to the lab!

Contributors

MoOyeg
Assets 2

v1.0.0

16 Jul 19:12
@rcarrata rcarrata
v1.0.0
771f912
Compare
Choose a tag to compare
v1.0.0

This first release of the devsecops demo includes:

  • Static application security testing (SAST) using SonarQube, and JUnit Testing
  • Software composition analysis (SCA) with Maven Dependency Report and Nexus
  • Interactive application security testing (IAST) and dynamic application security testing (DAST) using StackRox/RHACS
  • Configuration Management and Image Risk using StackRox/RHACS
  • Pentesting using OWASP Zap Proxy
  • Performance Tests using Gatling
  • Optional: Slack Notifications using Stackrox Notifications and Slack chanel
  • Ansible Automation for install, configure and prepare all the prerequisites and software needed during the demo
Assets 2