stelligent / aws-devsecops-workshop
A continuous security pipeline demo for the AWS DevSecOps Workshop.
License: MIT License
Configure CFN Nag to target all *.json and all *.template files instead of specific templates.
Move to ruby/python from gulp/serverless.js?
the admin user dir has moved to a randomly numbered directory in a recent release.
instance userdata must now discover and pass this directory, or create a symlink, in ansible bootstrapping:
ln -sfv /var/lib/jenkins/users/admin_8253647996753921952 /var/lib/jenkins/users/admin
Remove CFNDSL and its rake tasks. All CFN templates should be raw AWS JSON.
parameterize github_owner and github_branch
Plugins are downloaded at boot via cfn-init and failures can arise due to plugin versions.
Need to ensure we are pinning them and/or investigate current pipeline plugin failure.
currently running -nohup via userdata
Currently outgoing tcp/80 and tcp/443 open to world, due to installation package download.
Installation artifacts should be vetted and stored on s3 via pipeline, and retrieved from there via cloudinit and instance profile.
Currently passing a bash script via userdata and should move to cloudinit modules, given the complexity of boot script.
exempt S3 bucket from CFN control.
use latest amazon linux ami ami-a4c7edb2
lockdown port 80 on deployment server to jenkins secgroup and trusted cidr.
world_cidr is not needed and should be removed.
this will be more important when moving from default nginx page to custom chat app #4
currently only scans jenkins template. should scan all cfn.
pull out config and inspector stuff to higher level account/vpc configuration template
this new template could then be used on all new accounts to configure configservice, cloudtrail, vpcflowlogs, cloudwatch alarms, and logging buckets.
these global services and existing roles would then be assumed/consumed by this devsecops stack (global stack outputs queried), as opposed to creating on every run.