02 CICD pipeline - TIC4302/2022-group1-E-Commerce-Portal GitHub Wiki

CI/CD Pipeline

The workflow of the CI/CD pipeline, as shown in the pipeline diagram, runs the following stages in order:

  1. Secret scan: Scans the repository for committed secrets. The database folder is excluded from this scan because the backend database dump contains password hashes and some HTML pages that produced false positives. Note that excluding a whole folder also hides any real secret committed there, so the exclusion should be kept as narrow as possible (specific files or patterns) and the folder reviewed by hand.

  2. Build: Builds the images defined in docker-compose.yml. The purpose of this job is to get the images ready for creating containers and for the scans that follow.

  3. SCA scan: Python Safety check. Safety checks the installed dependencies of the Python application against its database of known vulnerabilities. An SCA Safety log is produced by this scan.

  4. SAST scan: Bandit check. Bandit scans the Python source code for common security issues. A Bandit log is produced by this scan.

  5. Container scan: Scanning the Docker images lets us review the security state of the container images and fix the issues identified during the scan. A Dockle report is produced by this scan. Dockle checks the image configuration against Docker best practices (for example, running as root or leaving credentials in the image); it does not scan the OS packages inside the image for CVEs.

  6. Deploy: Pushes the built images to Docker Hub. The Docker Hub credentials are stored as secrets in the GitHub repository and referenced from the workflow, so they never appear in the repository contents.

  7. DAST: OWASP ZAP scan. A GitHub Action runs the OWASP ZAP Full Scan against the running application to perform Dynamic Application Security Testing (DAST). The full scan is an active scan that attacks the target, so it should only be pointed at a disposable test instance, never at production.
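As an added example (not the project's own workflow file), the seven stages above wired together in one GitHub Actions workflow. Several details are assumptions because the page does not state them: gitleaks is used as the secret scanner, the Python code lives in backend/ with a requirements.txt, docker-compose.yml tags the web image ecommerce-web:latest and exposes it on port 8000, and the Docker Hub credentials are stored as the repository secrets DOCKERHUB_USERNAME and DOCKERHUB_TOKEN.

```yaml
# Added example workflow, not the project's own. Tool and name choices marked
# "assumed" are not given on the wiki page.
name: CI/CD pipeline

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read

jobs:
  secret-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with: { fetch-depth: 0 }          # scan the whole history, not one commit
      # .gitleaks.toml (assumed, repo root) keeps the default rules and
      # allowlists only the database/ folder:
      #   [extend]
      #   useDefault = true
      #   [allowlist]
      #   paths = ['''^database/''']
      - run: |                            # run as the runner user so git accepts the checkout
          docker run --rm --user "$(id -u):$(id -g)" -v "$PWD:/repo" \
            ghcr.io/gitleaks/gitleaks:latest detect --source /repo \
            --config /repo/.gitleaks.toml \
            --report-format sarif --report-path /repo/gitleaks.sarif
      - uses: actions/upload-artifact@v3
        if: always()
        with: { name: gitleaks-report, path: gitleaks.sarif }

  build:
    needs: secret-scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: docker compose build         # proves the images build before scanning

  sca-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with: { python-version: "3.10" }
      - run: pip install safety
      - run: |                            # pipefail keeps Safety's exit code through tee
          set -o pipefail
          safety check -r backend/requirements.txt --full-report | tee sca-safety.log
      - uses: actions/upload-artifact@v3
        if: always()
        with: { name: sca-safety-log, path: sca-safety.log }

  sast-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with: { python-version: "3.10" }
      - run: pip install bandit
      - run: bandit -r backend -f txt -o bandit.log   # exits non-zero on findings
      - uses: actions/upload-artifact@v3
        if: always()
        with: { name: bandit-log, path: bandit.log }

  container-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: docker compose build         # fresh runner, so the images are rebuilt
      - run: |                            # fail only on FATAL findings; tighten to warn later
          set -o pipefail
          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
            goodwithtech/dockle:latest --exit-code 1 --exit-level fatal \
            ecommerce-web:latest | tee dockle-report.txt
      - uses: actions/upload-artifact@v3
        if: always()
        with: { name: dockle-report, path: dockle-report.txt }

  deploy:
    needs: [sca-scan, sast-scan, container-scan]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}   # assumed secret names
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - run: docker compose build && docker compose push

  dast:
    needs: deploy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: docker compose up -d --build # disposable instance on the runner
      - run: timeout 90 sh -c 'until curl -fsS http://localhost:8000/ >/dev/null; do sleep 3; done'
      - uses: zaproxy/action-full-scan@v0.4.0
        with:
          target: http://localhost:8000   # assumed port; ZAP container uses the host network
          allow_issue_writing: false      # would need issues:write, which is not granted
          fail_action: true
      - if: always()
        run: docker compose down -v
```

Each job runs on a fresh runner, which is why the container-scan, deploy and DAST jobs rebuild the images instead of reusing the build job's output; saving the images with `docker save` as an artifact, or using a registry build cache, would avoid the repeated builds. The `needs` chain enforces the stage order from the list above and stops the pipeline at the first failing scan, and `permissions: contents: read` plus the `main`-only condition on deploy keep the Docker Hub token away from pull requests from forks.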