Shift-Left in the World of DevOps!
Dive into the core concept of "Shift Left" within the DevOps landscape: run builds, analysis, tests and dependency checks on the developer's machine, before code ever reaches the shared branch. While this guide zeroes in on Java, Python, and Go configurations, the insights shared are valuable for developers across the board. Ready to explore? Let's jump in!
Pro Tip!
Before we dive deeper, here's a suggestion: set up a global pre-commit hook. That way a shell script runs before every commit, ensuring your code passes all the essential checks and tests before it's locked in. Two caveats: a global core.hooksPath replaces each repository's own .git/hooks, so per-repo hooks stop running, and any client-side hook can be skipped with git commit --no-verify, so the same checks still belong in CI.
#!/bin/bash
# Create global git hooks directory and point git at it.
# Note: core.hooksPath replaces a repository's own .git/hooks entirely,
# so any per-repo hooks are no longer run once this is set.
mkdir -p ~/.git-hooks && git config --global core.hooksPath ~/.git-hooks
# Create the pre-commit hook
cat > ~/.git-hooks/pre-commit << 'EOF'
#!/bin/sh
# Git runs hooks with the repository root as the working directory, so the
# marker files below are looked up there.
# Exit on the first failing command: a non-zero exit from this script aborts
# the commit. (Checking $? after the if/elif block would only see the exit
# status of the last echo, so failures would slip through.)
set -e
# Print a hint when a check fails; the EXIT trap sees the failing status.
trap 'rc=$?; [ "$rc" -eq 0 ] || printf "\nTests failed! Commit aborted.\n" >&2; exit "$rc"' EXIT
if [ -f "build.gradle" ]; then
    echo "Running pre-commit checks for Java project..."
    # Run tests/checks for Java projects
elif [ -f "setup.py" ] || [ -f "pyproject.toml" ]; then
    echo "Running pre-commit checks for Python project..."
    # Run tests/checks for Python projects
elif [ -f "go.mod" ]; then
    echo "Running pre-commit checks for GoLang project..."
    # Run tests/checks for Go projects
else
    echo "Unknown project type. Skipping pre-commit checks."
fi
exit 0
EOF
# Make the pre-commit hook executable
chmod +x ~/.git-hooks/pre-commit
echo "Global git hooks setup complete!"
1. Local Build!
Before pushing your code, always ensure it builds locally. Have you considered using a build tool? I'd recommend Bazel, a fast and reliable build tool. Check for a Bazel workspace first, because a Bazel repository often also carries a go.mod or build.gradle for other tooling.
#!/bin/sh
# Build step; goes inside the matching branch of the pre-commit hook above.
# Bazel is checked first so a Bazel workspace is not mistaken for a plain Go or Gradle project.
if [ -f "WORKSPACE" ] || [ -f "WORKSPACE.bazel" ]; then
    echo "Building Bazel project..."
    bazel build //...
elif [ -f "build.gradle" ]; then
    ./gradlew build
elif [ -f "setup.py" ]; then
    python setup.py build
elif [ -f "pyproject.toml" ]; then
    # PEP 517 projects have no setup.py; build a wheel with the 'build' package (pip install build)
    python -m build
elif [ -f "go.mod" ]; then
    go build ./...
else
    echo "Unknown project type. Skipping."
fi
2. Static Code Analysis
There are many ways and different schools of thought on the specifics of code checks for a pre-commit. However, most agree that static code analysis is a great way to catch vulnerabilities and coding errors early on.
Java: Use SonarLint in the IDE; for the hook, the SonarQube Gradle plugin, which needs a reachable SonarQube server.
Python: Utilize Flake8 for linting and Black for code formatting.
GoLang: Use golint for linting (note that golint is deprecated and frozen upstream; go vet ships with the toolchain and staticcheck is the usual replacement).
#!/bin/bash
# Static analysis step; goes inside the matching branch of the pre-commit hook
if [ -f "build.gradle" ]; then
    # previous checks
    # Static Code Analysis checks for Java (gradle) projects.
    # Requires the SonarQube Gradle plugin and a reachable SonarQube server;
    # plugin 4.x renamed the task from 'sonarqube' to 'sonar'.
    ./gradlew sonarqube
elif [ -f "setup.py" ] || [ -f "pyproject.toml" ]; then
    # previous checks
    # Static Code Analysis for Python projects: lint, then verify formatting without rewriting files
    flake8 . && black --check .
elif [ -f "go.mod" ]; then
    # previous checks
    # Static Code Analysis for GoLang projects (golint is deprecated upstream; see the note above)
    golint ./...
else
    echo "Unknown project type. Skipping."
fi
3. Unit Tests
Testing is the backbone of reliable software. Ensure you have unit tests in place, and run them from the hook so a red test suite blocks the commit:
Java: Use JUnit.
Python: Use pytest.
GoLang: Go's built-in testing package is your friend.
4. Vulnerable Dependencies Check
More often than not, vulnerabilities creep into your codebase through third-party code pulled in as dependencies. It's crucial to ensure that these dependencies are not only up-to-date but also free of known vulnerabilities.
Java: Use the Dependency-Check Gradle plugin.
Python: safety is a great tool for checking dependencies (pip-audit, which queries the PyPI advisory database, is an alternative).
GoLang: `go list -json -m all` enumerates the module graph, but on its own it reports nothing; feed it to a scanner, or run govulncheck, which only flags vulnerabilities in code paths your program actually reaches.
#!/bin/bash
# Dependency check step; goes inside the matching branch of the pre-commit hook
if [ -f "build.gradle" ]; then
    # previous checks
    # build.gradle > plugins { id 'org.owasp.dependencycheck' version 'x.x.x' }
    # configure dependency check plugin, e.g. failBuildOnCVSS, so findings fail the task
    ./gradlew dependencyCheckAnalyze
elif [ -f "setup.py" ] || [ -f "pyproject.toml" ]; then
    # previous checks
    # pip install safety
    safety check
elif [ -f "go.mod" ]; then
    # previous checks
    # go get github.com/securego/gosec/v2/cmd/gosec
    # gosec scans Go source for insecure patterns (hard-coded credentials, weak crypto, ...);
    # it does not scan the module list, so pair it with a module scanner such as govulncheck.
    gosec ./...
else
    echo "Unknown project type. Skipping."
fi
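Bringing the four steps together (build, static analysis, unit tests, dependency check), here is a complete pre-commit hook as an added example; it is not the post's own script. It detects the project type, runs every check for that type, and aborts the commit if any of them fails, which the `$?`-after-`if` pattern cannot do. The tool choices in `checks_for` (pip-audit and govulncheck for dependency vulnerabilities, gosec for Go source scanning) are assumptions; swap in your team's tools.

```shell
#!/bin/sh
# Added example, not the post's own hook: a pre-commit skeleton that detects the
# project type, runs build/analysis/tests/dependency checks and fails the commit
# if ANY check fails. Commands in checks_for are assumed defaults.

# Print the project type for directory $1 (default: current directory).
# Bazel markers are checked first because a Bazel workspace often also
# contains go.mod or build.gradle for other tooling.
detect_project_type() {
    d=${1:-.}
    if [ -f "$d/WORKSPACE" ] || [ -f "$d/WORKSPACE.bazel" ] || [ -f "$d/MODULE.bazel" ]; then
        echo bazel
    elif [ -f "$d/build.gradle" ] || [ -f "$d/build.gradle.kts" ]; then
        echo gradle
    elif [ -f "$d/setup.py" ] || [ -f "$d/pyproject.toml" ]; then
        echo python
    elif [ -f "$d/go.mod" ]; then
        echo go
    else
        echo unknown
    fi
}

# Print the check commands for project type $1, one per line, in the order of
# the four steps. './gradlew build' already runs the JUnit tests (build depends
# on check, which depends on test). Assumed tools: pip-audit, govulncheck, gosec.
# SonarQube is left out because the Gradle task needs a server.
checks_for() {
    case "$1" in
        bazel)  printf '%s\n' 'bazel build //...' 'bazel test //...' ;;
        gradle) printf '%s\n' './gradlew build' './gradlew dependencyCheckAnalyze' ;;
        python) printf '%s\n' 'flake8 .' 'black --check .' 'pytest -q' 'pip-audit' ;;
        go)     printf '%s\n' 'go build ./...' 'go vet ./...' 'gosec ./...' 'go test ./...' 'govulncheck ./...' ;;
    esac
}

# Read commands from stdin and run each one. Every command still runs after an
# earlier failure so the developer sees all problems in one pass; the return
# value is non-zero if any command failed. stdin of each command is /dev/null
# so a tool cannot swallow the remaining command lines.
run_checks() {
    failed=0
    while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        printf '==> %s\n' "$cmd"
        if sh -c "$cmd" </dev/null; then
            continue
        fi
        printf 'FAILED: %s\n' "$cmd" >&2
        failed=1
    done
    return "$failed"
}

main() {
    kind=$(detect_project_type .)
    if [ "$kind" = unknown ]; then
        echo "Unknown project type. Skipping pre-commit checks."
        return 0
    fi
    echo "Running pre-commit checks for $kind project..."
    if checks_for "$kind" | run_checks; then
        return 0
    fi
    printf '\nChecks failed! Commit aborted.\n' >&2
    return 1
}

# Git invokes the hook as <hooksPath>/pre-commit with the repo root as cwd;
# only run main when executed that way, so the functions can also be sourced.
case "$0" in
    */pre-commit) main "$@"; exit $? ;;
esac
```

Install it as ~/.git-hooks/pre-commit (with core.hooksPath pointing there) and make it executable. Because run_checks keeps going after a failure, a developer sees the failing linter and the failing test in the same run instead of fixing them one commit attempt at a time.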
Disclaimer: Remember, every team and project is unique. It's essential to tailor your pre-commit hooks and other practices to best fit your team's needs and the nature of your project. Always strive for a balance between thorough checks and developer productivity; a hook that takes minutes to run is one developers will learn to bypass.
I hope this guide helps you in your DevOps journey. Feel free to share, comment, and let me know if you have any questions or suggestions!
Written by
Hasan Alkhatib
Father of two. DevOps Engineer. Interested in Cloud Development, Scalability, Java, CICD, and Seeking/Sharing Knowledge