DevSecOps for Infrastructure as Code

Gaurav

This post describes how to build a DevSecOps pipeline for an Infrastructure as Code (IaC) setup: which components to use and two hardening tips for the CI/CD side.

๐Ÿ“๐‚๐จ๐ฆ๐ฉ๐จ๐ง๐ž๐ง๐ญ๐ฌ ๐”๐ฌ๐ž๐:

  • GitHub Actions: the CI/CD platform that runs the pipeline.

  • HashiCorp Terraform: the Infrastructure as Code tool.

  • ๐’๐ญ๐š๐ญ๐ข๐œ ๐‚๐จ๐๐ž ๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐“๐จ๐จ๐ฅ๐ข๐ง๐ : GitLeaks for secrets leaks and Checkmarx KICS for security vulnerability and security compliance checks.

  • ๐€๐ฎ๐๐ข๐ญ/๐‹๐จ๐ ๐ ๐ข๐ง๐  ๐‚๐š๐ฉ๐š๐›๐ข๐ฅ๐ข๐ญ๐ฒ: Use Opensource Platform like Grafana Loki to ingest your CI/CD pipeline logs.

๐๐ซ๐จ ๐“๐ข๐ฉ: ๐Ÿ’ก

  1. If you use GitHub self-hosted runners, make sure the runner process runs as a non-privileged user and not as root.

  2. Pin Actions releases to their full SHA commit instead of a tag/version. A tag can be moved to different code; a commit SHA cannot.

๐‘ฐ๐’๐’”๐’•๐’†๐’‚๐’… ๐’๐’‡ ๐’•๐’‰๐’Š๐’”:

uses: 'actions/checkoutv4โ€™

๐‘ผ๐’”๐’† ๐’•๐’‰๐’Š๐’”:

uses: 'actions/checkout@<FULL SHA commit>
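The workflow below is an added example, not a file from the post or from the linked repository, that puts the components and both pro tips together: it checks out a Terraform repository, validates it, runs GitLeaks and Checkmarx KICS against it, and pins every action to a commit SHA. The `<FULL SHA commit>` values are placeholders to be replaced with the real commit behind the release you want; the `terraform/` directory, the `fail_on` severity choice and the artifact name are assumptions. Shipping the run logs to Grafana Loki is outside this file and is not shown.

```yaml
# Added example workflow (not from the original post). Save as
# .github/workflows/iac-devsecops.yml. Every <FULL SHA commit> is a
# placeholder for the 40-character commit of the action release you pin.
name: iac-devsecops

on:
  pull_request:
    paths:
      - 'terraform/**'   # assumed layout: Terraform code lives under terraform/
  push:
    branches: [main]

# Least privilege: the scan jobs only need to read the repository.
permissions:
  contents: read

jobs:
  scan:
    # Pro Tip 1 applies to self-hosted runners: run the runner service as a
    # non-privileged user. 'ubuntu-latest' is used here so the example also
    # works on GitHub-hosted runners without changes.
    runs-on: ubuntu-latest
    steps:
      # Pro Tip 2: pin to a commit SHA, not a tag such as @v4.
      - name: Check out repository
        uses: 'actions/checkout@<FULL SHA commit>'
        with:
          fetch-depth: 0   # GitLeaks scans git history, so fetch all commits

      - name: Set up Terraform
        uses: 'hashicorp/setup-terraform@<FULL SHA commit>'

      - name: Terraform format and validate
        working-directory: terraform
        run: |
          terraform fmt -check -recursive
          terraform init -backend=false
          terraform validate

      # Secrets leak detection. Organization repositories additionally need
      # a GITLEAKS_LICENSE secret; personal repositories do not.
      - name: Scan for leaked secrets (GitLeaks)
        uses: 'gitleaks/gitleaks-action@<FULL SHA commit>'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # IaC security and compliance checks. fail_on is an assumed policy:
      # the job fails on HIGH or MEDIUM findings and only reports lower ones.
      - name: Scan Terraform with KICS
        uses: 'checkmarx/kics-github-action@<FULL SHA commit>'
        with:
          path: terraform
          fail_on: high,medium
          output_path: kics-results
          output_formats: json,sarif

      # Keep the scanner output even when the job fails, so the findings
      # can be reviewed and retained alongside the pipeline logs.
      - name: Upload KICS results
        if: always()
        uses: 'actions/upload-artifact@<FULL SHA commit>'
        with:
          name: kics-results
          path: kics-results
```

`permissions: contents: read` drops the default write token the job would otherwise receive, which matters most if a scanner step is ever compromised. Once the SHAs are filled in, a quick review check for the repository is that no `uses:` line in `.github/workflows/` still ends in a tag.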

GitHub Repo Link: https://github.com/iamgp21/database-as-code
