Building a DevSecOps CD/CI Pipeline

A practical guide on building a pipeline with security tools

Step #1 Get A Vulnerable Web App

Get one of the vulnerable web apps from the Vulnerable Web Apps Page on your machine.

Vulnerable Web Apps

Step #2 Get a CD/CI build server

Choose the one that fits you best. The most common are GitLab CI, Travis CI, GitHub Actions, CircleCI, TeamCity and Bamboo.

Self-hosted DevOps CD/CI platforms

Step #3 Create your build pipeline

How do I integrate a tool into my build pipeline? Go through the different types of scanners and find a tool for each scan type that fits your code and web app environment. Then try it out on your local machine against your app under test before wiring it into the pipeline.

OWASP describes a DevSecOps maturity model (DSOMM) that one can follow in order to implement every stage of a complete DevSecOps pipeline, one step at a time, starting at maturity level 1.

Stages of the pipeline

- Software Component Analysis (SCA)
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- System Hardening
- System Compliance Analysis
- Vulnerability Analysis
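As an added example (not from the original page), a minimal GitHub Actions workflow that maps the first three stages above onto gated jobs. The tool choices (Trivy for SCA, Semgrep for SAST, the OWASP ZAP baseline scan for DAST), the port and the container image of the app under test are assumptions; replace the placeholder image with the vulnerable web app you picked in Step #1.

```yaml
# Added example: GitHub Actions workflow wiring SCA, SAST and DAST stages.
# Assumptions (not from the page): Trivy, Semgrep and ZAP as the scanners;
# APP_IMAGE is a placeholder for the vulnerable web app's container image.
name: devsecops-pipeline
on: [push, pull_request]

jobs:
  sca:                    # Software Component Analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Fail the build when HIGH/CRITICAL findings exist in dependencies.
      - run: |
          docker run --rm -v "$PWD:/src" aquasec/trivy fs \
            --exit-code 1 --severity HIGH,CRITICAL /src

  sast:                   # Static Application Security Testing
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # --error makes Semgrep exit non-zero when blocking findings exist.
      - run: |
          docker run --rm -v "$PWD:/src" -w /src semgrep/semgrep \
            semgrep --config auto --error

  dast:                   # Dynamic Application Security Testing
    needs: [sca, sast]    # only scan the running app once static gates pass
    runs-on: ubuntu-latest
    env:
      APP_IMAGE: REPLACE_WITH_YOUR_VULNERABLE_APP_IMAGE   # placeholder
    steps:
      # Start the app under test on the runner (port 3000 is an assumption).
      - run: docker run -d --name app -p 3000:3000 "$APP_IMAGE"
      - run: sleep 20     # crude wait for the app to come up
      # ZAP baseline: passive scan, exits non-zero on warnings/failures.
      - run: |
          docker run --rm --network host ghcr.io/zaproxy/zaproxy:stable \
            zap-baseline.py -t http://localhost:3000
```

Each job's non-zero exit code is what turns a finding into a failed build, so tune the severity thresholds before enforcing the gate on a pipeline that other people depend on.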
