search

Building a DevSecOps CD/CI Pipeline

A practical guide on building a pipeline with security tools

hashtag
Step #1 Get A Vulnerable Web App

Get one of the vulnerable web apps from the Vulnerable Web Apps Page on your machine.

Vulnerable Web Appschevron-right

hashtag
Step #2 Get a CD/CI build server

Choose one that fits you most. Most common gitlab, travis, github actions, CircleCI, TeamCity, Bamboo

Self-hosted DevOps CD/CI platformschevron-right

hashtag
Step #3 Create your build pipeline

How to integrate a tool into my build pipeline? Go through the different types of scanners and find a tool for each scan type that fits your code/web app environment. Then try it out on you local machine against your app under test.

OWASP describes a devsecops maturity model that one can follow in order to implement every stage of a complete devsecops pipeline. One step at a time starting at maturity level 1.

LogoOWASP Devsecops Maturity Model | OWASP Foundationowasp.orgchevron-right

hashtag
Stages of the pipeline

Software Component Analysis (SCA)chevron-rightStatic Application Security Testing (SAST)chevron-rightDynamic Application Security Testing (DAST)chevron-rightSystem Hardeningchevron-rightSystem Compliance Analysischevron-rightVulnerability Analysischevron-right
PreviousTraining GuideNextSelf-hosted DevOps CD/CI platforms

Last updated