
OrthoSecure is a fully responsive, full-stack web application that streamlines dentistry appointment bookings, supports administrative workflows, and improves patient engagement. Patients book, change and cancel appointments online; clinic administrators manage appointments, patient records and clinic operations from an administrative panel. Around the application, the project applies DevSecOps practice to its containerized deployment: code and images are scanned before release, infrastructure is provisioned as code, secrets are managed centrally, and running workloads are monitored.
- Appointment Booking System: Allows patients to book, modify, or cancel appointments online with ease.
- Admin Panel: Provides clinic administrators with full control over scheduling, patient records, and appointment history.
- User Authentication: Secure patient and admin login with session-based management.
- Responsive Design: Ensures seamless usability across all devices, including desktops, tablets, and mobile phones.
- Container Security: Implements security best practices to safeguard Docker-based environments.
- Automated Scanning: Uses Trivy, SonarQube and Bandit for vulnerability detection in images, code and dependencies.
- CI/CD Integration: Seamless integration with GitLab CI/CD pipeline.
- Ease of Deployment: Simple setup with Docker and Kubernetes.
- Policy Enforcement: Applies runtime security rules to running containers with Falco and other monitoring tools.
Tools and technologies: Python, HTML, CSS, JavaScript, Docker, Kubernetes, Trivy, SonarQube, Git, GitLab, Terraform, AWS services and GitHub Actions.
The Reports folder contains the full project documentation; read it before you proceed.
This project was Contributed by
DevSecOps focuses on security automation, testing and enforcement throughout the DevOps release and SDLC cycles. The idea behind the methodology is to connect Development, Security and Operations. DevSecOps provides methods, techniques and processes, backed mainly by tooling, that focus on the developer and security experience.
DevSecOps makes security part of every stage of the DevOps loop: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor.
Various definitions:
- https://www.redhat.com/en/topics/devops/what-is-devsecops
- https://www.ibm.com/cloud/learn/devsecops
- https://snyk.io/series/devsecops/
- https://www.synopsys.com/glossary/what-is-devsecops.html
- https://spacelift.io/blog/what-is-devsecops
Ensure you have the following installed:
- Docker & Docker Compose
- Git, GitLab Account
- Python 3.11 and Java JDK 17
- SonarQube & Sonar-Scanner (for static code analysis)
- AWS account and the AWS CLI configured
- Terraform CLI installed
Security is a top priority in this project. Below are the DevSecOps security tools integrated into the development pipeline to ensure code quality, vulnerability detection, and secure infrastructure management.
Why it's used
Trivy is an open-source vulnerability scanner that checks container images, file systems and dependency manifests for known vulnerabilities.
It reports findings as CVE (Common Vulnerabilities and Exposures) identifiers with a severity, so an image can be checked, and the pipeline failed, before it is deployed.
Benefits:
✅ Fast and accurate vulnerability scanning.
✅ Seamlessly integrates with GitLab CI/CD.
✅ Helps maintain compliance and security best practices.
Why it's used
SonarQube performs static code analysis to detect bugs, vulnerabilities, security hotspots and maintainability issues.
It helps enforce coding standards and security best practices, and its quality gate can fail the pipeline when new issues appear.
We have also enabled it in GitLab so that every pipeline run is evaluated continuously.
Benefits:
✅ Detects security flaws such as SQL injection and XSS.
✅ Improves code maintainability and readability.
✅ Provides in-depth security insights for developers.
Why it's used
Bandit is a security linter for Python: it walks the abstract syntax tree of each file looking for known-dangerous patterns.
It flags issues such as hardcoded passwords, shell=True in subprocess calls, weak hashing and unsafe deserialization.
Benefits:
✅ Catches security flaws early in development.
✅ Helps Python code follow security best practices.
✅ Integrates easily with CI/CD pipelines for automated checks.
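Both Trivy and Bandit can write their results as JSON (`trivy image --format json -o trivy.json <image>`, `bandit -r . -f json -o bandit.json`), which makes it possible to apply one severity policy across both scanners and fail the job from a single place. The script below is an added example, not code from the OrthoSecure repository. It parses both report formats, ignores Trivy findings that have no fixed version (the same idea as Trivy's `--ignore-unfixed`) and drops low-confidence Bandit hits, then returns a pass/fail verdict with the list of blocking findings. The embedded reports are constructed samples; the CVE identifiers in them are placeholders, not real advisories.

```python
"""Severity gate over Trivy and Bandit JSON reports (added example, not OrthoSecure code)."""
import json
import sys

# Trivy and Bandit both use these severity names; UNKNOWN sorts lowest.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def trivy_findings(report, threshold="HIGH", ignore_unfixed=True):
    """Return (VulnerabilityID, severity, target) for findings at or above threshold.

    ignore_unfixed mirrors Trivy's --ignore-unfixed: a CVE with no FixedVersion
    cannot be fixed by bumping the package, so it should not block the build
    (it still belongs in the report for risk tracking).
    """
    floor = SEVERITY_RANK[threshold]
    hits = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            if SEVERITY_RANK.get(sev, 0) < floor:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            hits.append((vuln["VulnerabilityID"], sev, result.get("Target", "")))
    return hits


def bandit_findings(report, threshold="MEDIUM", min_confidence="MEDIUM"):
    """Return (test_id, severity, file:line) for Bandit issues at or above threshold.

    Bandit grades severity and confidence separately; low-confidence hits are
    often false positives, so they are filtered on their own axis.
    """
    floor = SEVERITY_RANK[threshold]
    conf_floor = SEVERITY_RANK[min_confidence]
    hits = []
    for issue in report.get("results") or []:
        sev = issue["issue_severity"].upper()
        conf = issue["issue_confidence"].upper()
        if SEVERITY_RANK.get(sev, 0) < floor or SEVERITY_RANK.get(conf, 0) < conf_floor:
            continue
        hits.append((issue["test_id"], sev, f"{issue['filename']}:{issue['line_number']}"))
    return hits


def gate(trivy_report, bandit_report):
    """Return (passed, findings); passed is True only when nothing blocks the build."""
    findings = trivy_findings(trivy_report) + bandit_findings(bandit_report)
    return len(findings) == 0, findings


# Constructed sample reports in the shape the tools emit; the CVE ids are
# placeholders, not real advisories.
SAMPLE_TRIVY = {
    "Results": [
        {
            "Target": "orthosecure/web:1.0 (debian 12)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2099-0001", "PkgName": "libssl3",
                 "InstalledVersion": "3.0.1", "FixedVersion": "3.0.2", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-2099-0002", "PkgName": "libc6",
                 "InstalledVersion": "2.36", "FixedVersion": "", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-2099-0003", "PkgName": "bash",
                 "InstalledVersion": "5.2", "FixedVersion": "5.3", "Severity": "LOW"},
            ],
        }
    ]
}
SAMPLE_BANDIT = {
    "results": [
        {"test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "filename": "./main.py", "line_number": 42,
         "issue_text": "subprocess call with shell=True identified"},
        {"test_id": "B105", "issue_severity": "LOW", "issue_confidence": "MEDIUM",
         "filename": "./config.py", "line_number": 7,
         "issue_text": "Possible hardcoded password"},
    ]
}


def main(trivy_path=None, bandit_path=None):
    """Load real reports when paths are given, otherwise use the samples; 1 means FAIL."""
    trivy = json.load(open(trivy_path)) if trivy_path else SAMPLE_TRIVY
    bandit = json.load(open(bandit_path)) if bandit_path else SAMPLE_BANDIT
    passed, findings = gate(trivy, bandit)
    for ident, sev, where in findings:
        print(f"BLOCKING {sev:<8} {ident:<16} {where}")
    print("gate:", "PASS" if passed else "FAIL")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:3]))
```

In a GitLab job this would run as `python gate.py trivy.json bandit.json` after the two scans. Trivy alone can do the same with `trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed <image>`; the script earns its place when you want one policy applied identically to every tool and a printed list of exactly what blocked the build.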
Why it's used
Black is an opinionated Python code formatter that produces consistent, readable code.
It is not a security scanner. Its value to the pipeline is that uniform formatting keeps diffs free of style noise, so reviewers can concentrate on logic and security-relevant changes stand out.
Benefits:
✅ Improves code readability and maintainability.
✅ Keeps diffs small and reviewable, so reviews focus on behaviour rather than formatting.
✅ Makes collaboration easier by enforcing a consistent format.
Why it's used
Terraform manages the infrastructure as code, so cloud resources are provisioned and changed through reviewed, versioned configuration rather than by hand.
It makes provisioning reproducible and consistent, and lets security settings such as network rules, IAM policies and encryption be reviewed before they are applied.
Benefits:
✅ Version control and automation of infrastructure.
✅ Fewer human errors and misconfigurations.
✅ Every change is visible in a plan before it is applied, so drift and risky changes are caught in review.
Why it's used
Kubernetes runs the containerized application, automating deployment, scaling and day-to-day operations.
It provides high availability and load balancing, and its access and admission controls (RBAC, NetworkPolicy, Pod Security admission) constrain what a workload may do.
Benefits:
✅ Efficient container management with automated scaling.
✅ Built-in access controls and security policies: RBAC, network policies and Pod Security admission.
✅ Resilience and fault tolerance for the application.
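To make "built-in security policies" concrete, here is an added example (not part of OrthoSecure) that checks a Pod manifest for the settings the restricted Pod Security Standard expects and that Pod Security Admission can enforce per namespace: no host namespaces, no privilege escalation, non-root user, all capabilities dropped, a seccomp profile and a read-only root filesystem, plus two operational checks (a pinned image tag and resource limits). It is run against a weak spec next to its hardened form; both manifests are constructed for illustration and the image names are assumptions.

```python
"""Hardening check for a Kubernetes Pod spec (added example, not OrthoSecure code)."""


def _effective_security_context(pod_spec, container):
    """Container-level fields win over pod-level ones for the fields both share
    (runAsUser, runAsNonRoot, seccompProfile); the other fields exist at only
    one level, so a flat merge is a safe simplification here."""
    merged = dict(pod_spec.get("securityContext") or {})
    merged.update(container.get("securityContext") or {})
    return merged


def check_pod(pod):
    """Return a list of human-readable problems; an empty list means the spec passes."""
    problems = []
    spec = pod.get("spec") or {}

    if spec.get("hostNetwork") or spec.get("hostPID") or spec.get("hostIPC"):
        problems.append("pod: shares a host namespace (hostNetwork/hostPID/hostIPC)")
    # The service-account token is mounted by default; a web app that never
    # talks to the API server should not carry credentials for it.
    if spec.get("automountServiceAccountToken", True):
        problems.append("pod: automountServiceAccountToken is not false")

    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        name = c.get("name", "<unnamed>")
        sc = _effective_security_context(spec, c)
        if sc.get("privileged"):
            problems.append(f"{name}: privileged")
        if sc.get("allowPrivilegeEscalation", True):
            problems.append(f"{name}: allowPrivilegeEscalation is not false")
        if not sc.get("runAsNonRoot") and not sc.get("runAsUser"):
            problems.append(f"{name}: may run as root (set runAsNonRoot or a non-zero runAsUser)")
        if "ALL" not in (sc.get("capabilities") or {}).get("drop", []):
            problems.append(f"{name}: capabilities not dropped (drop: [ALL])")
        if (sc.get("seccompProfile") or {}).get("type") not in ("RuntimeDefault", "Localhost"):
            problems.append(f"{name}: no seccomp profile")
        if not sc.get("readOnlyRootFilesystem"):
            problems.append(f"{name}: root filesystem is writable")
        image = c.get("image", "")
        if ":" not in image or image.endswith(":latest"):
            problems.append(f"{name}: image '{image}' is unpinned or :latest")
        limits = (c.get("resources") or {}).get("limits") or {}
        if "cpu" not in limits or "memory" not in limits:
            problems.append(f"{name}: cpu/memory limits missing")
    return problems


# Constructed manifests for illustration; image names are assumptions.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "orthosecure-web"},
    "spec": {
        "containers": [{
            "name": "web",
            "image": "orthosecure/web:latest",
            "ports": [{"containerPort": 5000}],
        }],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "orthosecure-web"},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {
            "runAsNonRoot": True, "runAsUser": 10001, "runAsGroup": 10001,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "web",
            "image": "orthosecure/web:1.4.2",
            "ports": [{"containerPort": 5000}],
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            # A read-only root still needs somewhere writable for temp files.
            "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
        "volumes": [{"name": "tmp", "emptyDir": {}}],
    },
}


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        issues = check_pod(pod)
        print(f"{label}: {'OK' if not issues else ''}")
        for issue in issues:
            print("  -", issue)
```

The same expectations can be enforced cluster-side by labelling the namespace `pod-security.kubernetes.io/enforce: restricted`; a pre-commit or CI check like this one just moves the feedback earlier, before a manifest reaches the cluster.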
Why it's used
HashiCorp Vault stores and manages sensitive data such as API keys, database credentials and certificates.
It integrates with Kubernetes (the Kubernetes auth method and the Vault Agent injector) so secrets are delivered to pods at runtime rather than baked into images or environment files.
Benefits:
✅ Centralized secrets management with access control and audit logging.
✅ Protects sensitive data with encryption at rest and in transit.
✅ Dynamic, short-lived secrets shrink the exposure window if a credential leaks.
These security tools work together to create a robust DevSecOps pipeline, ensuring security at every stage of development. 🚀💡
- Clone the repository:

```bash
git clone https://github.com/thayeeb9211/ortho-secure.git
cd ortho-secure
```
- Set up environment variables and Sonar properties. Create a `.env` file in the project root and fill in your values. It holds credentials, so keep it out of version control (add it to `.gitignore`) and use a long random value for `SECRET_KEY`:

```
MYSQL_HOST=<your host name>
MYSQL_DATABASE=<your DB name>
MYSQL_USER=<your username>
MYSQL_PASSWORD=<MySQL password>
MYSQL_ROOT_PASSWORD=<root password>
FLASK_ENV=development
MYSQL_PORT=3306
MYSQL_INITDB_SKIP_TZINFO=1
# adjust if SonarQube runs elsewhere; the URL must be reachable from where the scanner runs
SONAR_HOST_URL=http://localhost:9000
SONAR_LOGIN=<your SonarQube login token>
SECRET_KEY=<secret used in main.py for this project>
MAIL_PASSWORD=<mail account password>
```

Then create a `sonar-project.properties` file and fill in your values:

```
sonar.projectKey=your_project_key_here
sonar.token=your_sonar_token_here
sonar.sources=.
sonar.qualitygate.wait=true
sonar.host.url=http://your_sonar_host_url_here
sonar.python.version=your_python_version_here
```
- Start the application on Docker:
./execute.sh
- Run security code scans with Bandit from the project root:

```bash
bandit -r .
```
- Run SAST scans with SonarScanner once its properties are configured. Your `sonar-project.properties` should look like this:

```
sonar.projectKey=nidith_orthosecure_03ac60c4-e7f9-4f33-b330-4f90a86cc655
sonar.token=<your SonarQube token>
sonar.sources=.
sonar.qualitygate.wait=true
# use the proper HTTP(S) URL of your SonarQube server
sonar.host.url=http://localhost:9000/
sonar.python.version=3.11
```

Prefer passing the token through the `SONAR_TOKEN` environment variable rather than writing it into a file that may be committed. If you are unsure how to set this up, read the Phase 4 document in the Reports/ folder. For the SAST check, run `sonar-scanner` in the root directory.
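Before `./execute.sh` is run, it is worth verifying that the `.env` created in the setup step is actually usable: placeholders left in from the template, an empty mail password or a short `SECRET_KEY` are easy to miss and the application will still start with them. The script below is an added example, not part of OrthoSecure. It parses the `.env` format, checks the variables the setup step lists, and flags template placeholders, a weak session-signing key, an application password that equals the MySQL root password, a Sonar URL without scheme and, when told the target is production, `FLASK_ENV=development`. The 32-character minimum for `SECRET_KEY` is an assumption, not a project rule; the two `.env` bodies are constructed samples.

```python
"""Pre-flight check of the .env file before ./execute.sh (added example, not OrthoSecure code)."""
import re
import sys

REQUIRED = (
    "MYSQL_HOST", "MYSQL_DATABASE", "MYSQL_USER", "MYSQL_PASSWORD", "MYSQL_ROOT_PASSWORD",
    "SONAR_HOST_URL", "SONAR_LOGIN", "SECRET_KEY", "MAIL_PASSWORD",
)
# Values copied straight from the README template, or classic throwaways.
PLACEHOLDER = re.compile(r"^<.*>$|^your_|^changeme$|^password$", re.IGNORECASE)
MIN_SECRET_LEN = 32  # assumption: a 32+ character random SECRET_KEY; not a project rule


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blanks and comments, tolerates spaces around '=' and quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def check_env(env, production=False):
    """Return a list of problems; an empty list means the file is safe to use."""
    problems = []
    for key in REQUIRED:
        if not env.get(key):
            problems.append(f"{key}: missing or empty")
        elif PLACEHOLDER.search(env[key]):
            problems.append(f"{key}: placeholder value still present")
    secret = env.get("SECRET_KEY", "")
    if secret and len(secret) < MIN_SECRET_LEN:
        problems.append("SECRET_KEY: shorter than 32 characters; Flask signs session cookies with it")
    if env.get("MYSQL_PASSWORD") and env.get("MYSQL_PASSWORD") == env.get("MYSQL_ROOT_PASSWORD"):
        problems.append("MYSQL_PASSWORD equals MYSQL_ROOT_PASSWORD: the app must not use the root credential")
    url = env.get("SONAR_HOST_URL", "")
    if url and not url.startswith(("http://", "https://")):
        problems.append("SONAR_HOST_URL: must include the http:// or https:// scheme")
    if production and env.get("FLASK_ENV") == "development":
        problems.append("FLASK_ENV=development turns on the debugger; never on a production host")
    return problems


# Constructed .env contents. The first still carries the README's placeholders;
# the second is filled in (the values are made up for the example).
TEMPLATE_ENV = """
MYSQL_HOST=db
MYSQL_DATABASE=orthosecure
MYSQL_USER=ortho
MYSQL_PASSWORD=<Mysql password>
MYSQL_ROOT_PASSWORD=<Root password>
FLASK_ENV=development
MYSQL_PORT=3306
MYSQL_INITDB_SKIP_TZINFO=1
SONAR_HOST_URL="localhost:9000"
SONAR_LOGIN=sqp_0123456789abcdef
SECRET_KEY = changeme
MAIL_PASSWORD =
"""

FILLED_ENV = """
MYSQL_HOST=db
MYSQL_DATABASE=orthosecure
MYSQL_USER=ortho
MYSQL_PASSWORD=kq7!Vb2pN9xR4sTz
MYSQL_ROOT_PASSWORD=Zl0#mW8cQe5yHu1G
FLASK_ENV=production
MYSQL_PORT=3306
MYSQL_INITDB_SKIP_TZINFO=1
SONAR_HOST_URL=http://sonarqube:9000
SONAR_LOGIN=sqp_0123456789abcdef
SECRET_KEY=1d9d2b1c6a5e4f3a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a
MAIL_PASSWORD=app-specific-mail-password
"""


if __name__ == "__main__":
    # usage: python check_env.py [.env path] [--production]; no path checks the template sample
    paths = [a for a in sys.argv[1:] if not a.startswith("--")]
    text = open(paths[0]).read() if paths else TEMPLATE_ENV
    issues = check_env(parse_dotenv(text), production="--production" in sys.argv)
    print("\n".join(issues) or "OK")
    sys.exit(1 if issues else 0)
```

Run it as `python check_env.py .env` locally, or as the first job of the pipeline with `--production` when the target is the live environment, so that a misfilled `.env` stops the deployment rather than the debugger ending up exposed.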
OrthoSecure integrates with GitLab CI/CD through `.gitlab-ci.yml`, which runs the security analysis and compliance checks on every pipeline.
This project is crafted by Mohammed Thayeeb Shariff 💡 I’d love to hear your feedback! Feel free to share your thoughts.
📧 Connect with me:
- LinkedIn: Mohammed Thayeeb Shariff
If you found this helpful, consider starring ⭐ the repository and sharing it with your network! 🚀
https://data-driven-portfolio-s3q1onv.gamma.site/
OrthoSecure - Securing Containers, Simplifying Security. 🚀
This project is licensed under the terms specified in the LICENSE file.