Merge branch 'KTH:2024' into 2024

.github/workflows/lecture_participation.yml

@@ -9,7 +9,11 @@ permissions:
 
 jobs:
   track-participation:
-    if: github.event.issue.number == 2370
+    if: >
+      github.event.issue.number == 2370 &&
+      github.event.comment.author_association != 'COLLABORATOR' &&
+      github.event.comment.author_association != 'OWNER' &&
+      github.event.comment.author_association != 'MEMBER'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

README.md

@@ -49,7 +49,7 @@ The schedule is at <https://www.kth.se/social/course/DD2482/calendar/>
 
 
 To pass the course, the student has to complete and pass between 3 and 5 tasks:
-* The tasks are in category: "[presentation (mandatory)](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#presentations)", "[demo (mandatory)](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#demos)", "[scientific paper](https://github.com/KTH/devops-course/blob/2024/grading-criteria.paper)", "[executable tutorial](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#executable-tutorials)", "[contribution to open-source](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#open-source-contributions)", "[feedback](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#feedback)" (presentation and demos are mandatory, at most one in the same category, it is not necessary to cover everything).
+* The tasks are in category: "[presentation (mandatory)](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#presentations)", "[demo (mandatory)](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#demos)", "[scientific paper](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#scientific-papers)", "[executable tutorial](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#executable-tutorials)", "[contribution to open-source](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#open-source-contributions)", "[feedback](https://github.com/KTH/devops-course/blob/2024/grading-criteria.md#feedback)" (presentation and demos are mandatory, at most one in the same category, it is not necessary to cover everything).
 * The [grading criteria page](grading-criteria.md) is the unique reference which explains how to pass each task category.
 * The student proposes a category and a topic, which is discussed and accepted by the TA. The proposal is made as a [structured pull-request](https://github.com/KTH/devops-course/blob/2024/.github/pull_request_template.md) on this repository. The 3-5 graded contributions must have little overlap.
 * The same student cannot choose the same topic for two different tasks. The 3-5 tasks should cover different aspects of DevOps.

contributions/README.md

@@ -61,3 +61,71 @@ General Intro about the course.
 1. [Quality Assurance in MLOps Setting: An Industrial Perspective](https://github.com/KTH/devops-course/pull/2479)
 1. [The importance of reliable testing methods](https://github.com/KTH/devops-course/pull/2397)
 
+### Week 5
+
+1. [Comparing the differential mechanisms of declarative Terraform and imperative AWS infrastructure as code.](https://github.com/KTH/devops-course/pull/2387)
+1. [Ensuring Terraform environment stability with Github Actions](https://github.com/KTH/devops-course/pull/2380)
+1. [Using Serverless and Terraform to automate the deployment of a web application to AWS](https://github.com/KTH/devops-course/pull/2391)
+1. [_AWS Cloud Development Kit - Define your cloud application resources using familiar programming languages_](https://github.com/KTH/devops-course/pull/2392)
+1. [Declarative and reproducible deployments with NixOS](https://github.com/KTH/devops-course/pull/2400)
+1. [_AIAC: An AI Infrastructure-as-code Generator_](https://github.com/KTH/devops-course/pull/2395)
+1. [_Saltstack: Grains, States and Pillars_](https://github.com/KTH/devops-course/pull/2394)
+1. [Dockerfile Compliance Scanning with Docker Bench and Trivy](https://github.com/KTH/devops-course/pull/2432)
+1. [Using Bicep to edit Azure resources as code](https://github.com/KTH/devops-course/pull/2398)
+1. [Vagrant - How a group of students can experience IaC at home](https://github.com/KTH/devops-course/pull/2440)
+1. [Comparing Pulumi and Terraform: Imperative Language vs. Declaritive Language](https://github.com/KTH/devops-course/pull/2444)
+1. [Terraform - Using infrastructre as code in DevOps](https://github.com/KTH/devops-course/pull/2458)
+1. [The do’s and don’ts of infrastructure code: A systematic gray literature review](https://github.com/KTH/devops-course/pull/2499)
+1. [Cost Optimization with Infrastructure as Code](https://github.com/KTH/devops-course/pull/2484)
+1. [BlueBuild: The Cloud-Native Desktop Paradigm](https://github.com/KTH/devops-course/pull/2508)
+1. [Check-mate: Keep your OpenTofu configurations problem-free](https://github.com/KTH/devops-course/pull/2511)
+1. [_TruffleHog - Identifying vulnerable management of secrets for IaC_](https://github.com/KTH/devops-course/pull/2510)
+1. [Using Pulumi Policy as Code to enforce rules on IaC managed cloud resources.](https://github.com/KTH/devops-course/pull/2489)
+1. [Strimzi - Easy Apache Kafka on Kubernetes](https://github.com/KTH/devops-course/pull/2514)
+1. [Infrastructure as code for dynamic deployments](https://github.com/KTH/devops-course/pull/2515)
+1. [Creating Spotify playlist using Terraform](https://github.com/KTH/devops-course/pull/2531)
+1. [Disaster Recovery using Terraform](https://github.com/KTH/devops-course/pull/2544)
+
+### Week 6
+
+1. [GitGuardian: Preventing Data Leaks Through Automated Security](https://github.com/KTH/devops-course/pull/2396)
+1. [Yet another cybersecurity risk assessment framework](https://github.com/KTH/devops-course/pull/2402)
+1. [Using Bitwarden Secret Manager to centrally store, manage, and deploy secrets at scale.](https://github.com/KTH/devops-course/pull/2409)
+1. [Making your NPM security wishes come true.](https://github.com/KTH/devops-course/pull/2421)
+1. [Continuous Information Flow Control](https://github.com/KTH/devops-course/pull/2439)
+1. [Comparing pnpm, npm and yarn](https://github.com/KTH/devops-course/pull/2443)
+1. [Dynamic Secrets in HashiCorp Vault](https://github.com/KTH/devops-course/pull/2447)
+1. [_Streamlining Python Dependency Management with Poetry_](https://github.com/KTH/devops-course/pull/2449)
+1. [_Hardening GitHub Actions for increased security_](https://github.com/KTH/devops-course/pull/2468)
+1. [Ensuring the integrity and source of software packages](https://github.com/KTH/devops-course/pull/2477)
+1. [Detecting vulnerabilities in Python code using static code analysis with Bandit](https://github.com/KTH/devops-course/pull/2507)
+1. [Integrating Organizational Policies Using Open Policy Agent](https://github.com/KTH/devops-course/pull/2512)
+1. [Using dependabot to automatically detect vulnerabilities in imported packages](https://github.com/KTH/devops-course/pull/2513)
+1. [Arc Browser's impotant security breach and why SecDevOps is important](https://github.com/KTH/devops-course/pull/2545)
+1. [The event stream incident - vulnerabilities of open source dependencies and possible mitigations. ](https://github.com/KTH/devops-course/pull/2525)
+1. [NixOS: Reproducibility with Flakes and Secrets](https://github.com/KTH/devops-course/pull/2546)
+1. [Secure your git and CD pipeline with SOPS.](https://github.com/KTH/devops-course/pull/2526)
+1. [Challenges and solutions when adopting DevSecOps: A systematic review](https://github.com/KTH/devops-course/pull/2550)
+1. [Using Semgrep to find vulnerabilities](https://github.com/KTH/devops-course/pull/2551)
+1. [Machine Learning-Based Run-Time DevSecOps: ChatGPT Against Traditional Approach](https://github.com/KTH/devops-course/pull/2556)
+1. [Implementing and Automating Security Scanning to](https://github.com/KTH/devops-course/pull/2547)
+1. [Integrate RetireJS into Github workflow](https://github.com/KTH/devops-course/pull/2553)
+1. [The Seven Sins: Security Smells in Infrastructure as Code Scripts](https://github.com/KTH/devops-course/pull/2552)
+1. [Using static analysis with SonarCloud to identify security flaws.](https://github.com/KTH/devops-course/pull/2558)
+1. [Automating Private Dependency Management and Version Integration](https://github.com/KTH/devops-course/pull/2569)
+
+### Week 7
+
+1. [DevOps Education - Challenges and Recommendations](https://github.com/KTH/devops-course/pull/2448)
+1. [RefBot: Intelligent Software Refactoring Bot](https://github.com/KTH/devops-course/pull/2456)
+1. [AI Anomaly Detection for log monitoring](https://github.com/KTH/devops-course/pull/2496)
+1. [Infrastructure as Code Using Ansible Playbooks](https://github.com/KTH/devops-course/pull/2536)
+1. [DevOps at Scale: Managing Complex Service Architectures in Large Technical Companies](https://github.com/KTH/devops-course/pull/2523)
+1. [Chaos Engineering with Chaos Monkey](https://github.com/KTH/devops-course/pull/2549)
+1. [Data Version Control for MLOps with DVC](https://github.com/KTH/devops-course/pull/2560)
+1. [A Case Study of Developer Bots: Motivations, Perceptions, and Challenges](https://github.com/KTH/devops-course/pull/2532)
+1. [Understanding GDPR and its importance for DevOps](https://github.com/KTH/devops-course/pull/2585)
+1. [ChatOps Bots for Monitoring and Incident Response in DevOps](https://github.com/KTH/devops-course/pull/2592)
+1. [Metrics vs Logging for DevOps Monitoring (Comparing Prometheus and ELK Stack)](https://github.com/KTH/devops-course/tree/2024/contributions/presentation/week7/linussve-daniellw/README.md)
+1. [Software licencing overview and compliance automation](https://github.com/KTH/devops-course/pull/2614)
+

contributions/demo/week5/aleliu-jakstrom/README.md

@@ -0,0 +1,27 @@
+# Assignment Proposal
+
+## Title
+
+Infrastructure as Code Using Salt
+
+## Names and KTH ID
+
+  - Alexander Liu ([email protected])
+  - Jakob Ström ([email protected])
+
+## Deadline
+
+- Week 5
+
+## Category
+
+- Demo
+
+
+## Description
+Our demo will be of the CMT Saltstack. Our Demo will first introduce a brief overhead of some common configuration management tools and Saltstack's place among these. After this we will show Saltstacks flexibility in its features and its Event features.
+
+
+**Relevance**
+Our demo will showcase one of the alternatives to scalable configuration management tools, Saltstack (Salt), and how it shines in terms of customizability and flexibility.
+SaltStack has significant relevance to DevOps practices, as it provides tools that directly align with the core principles of DevOps: automation, collaboration, continuous delivery, and infrastructure management.

contributions/demo/week5/linussve-mnem/README.md

@@ -0,0 +1,30 @@
+
+# Assignment Proposal
+
+## Title
+
+Disaster Recovery using Terraform
+
+## Names and KTH ID
+
+  - Linus Svensson ([email protected])
+  - Muhammadsodiq Nematjanov ([email protected])
+
+## Deadline
+
+Week 5 
+
+## Category
+
+- Demo
+
+
+
+## Description
+
+This demo will demonstrate mainly how terraform can be used as a strong tool for disaster recovery and creating Virtual Machines on Google Cloud Services, as well as how to create an infrastructure as desired using terraform.
+
+**Relevance**
+
+By automating recovery processes, organizations can improve resilience, efficiency, reliability, compliance, and customer experience. This is essential in today's fast-paced, technology-driven world, where downtime can have severe 
+

contributions/demo/week5/prerna-immig/README.md

@@ -0,0 +1,27 @@
+# Assignment Proposal
+
+## Title
+
+Creating Spotify playlist using Terraform
+
+## Names and KTH ID
+
+  - Prerna Gupta ([email protected])
+  - Florian Jerome Immig ([email protected])
+
+## Deadline
+
+- Week 5
+
+## Category
+
+- Demo
+
+## Description
+
+Using Terraform to create a Spotify playlist as an application of Infrastructure as Code (IaC) demonstrates how we can automate the management of infrastructure through code. This can then be transitioned to OpenTofu, an open-source Terraform fork, to highlight flexibility in tool choice within a DevOps pipeline.
+
+**Relevance**
+
+OpenTofu is a fork of Terraform that was created after HashiCorp, the company behind Terraform changed the licensing model. OpenTofu retains the same core functionality as Terraform but is community-driven and free from licensing restrictions. Transitioning from Terraform to OpenTofu for managing the Spotify playlist highlights the ability to switch tools without drastically changing the overall workflow. The configuration files remain largely the same, demonstrating tooling flexibility and the importance of open-source alternatives in DevOps environments. Using Terraform/OpenTofu to manage a Spotify playlist makes the process more collaborative. Anyone with access to the codebase can propose changes to the playlist, enabling more structured and transparent change management between teams.
+

contributions/demo/week5/rmfseo/README.md

@@ -0,0 +1,29 @@
+# Assignment Proposal
+
+## Title
+
+Declarative Infrastructure with Terraform, NixOS, and Nomad
+
+## Names and KTH ID
+
+- Rafael Oliveira ([email protected])
+
+## Deadline
+
+- Week 5
+
+## Category
+
+- Demo
+
+## Description
+
+As an organization's systems grow in breadth and complexity, it becomes paramount to have a single source of truth which can accurately document how the organization's infrastructure is organized, what services should be running where, and what state exists to be kept under consideration for, e.g., backups. Additionally, it is important that this information is sufficient to rebuild the entire network (or parts thereof), ideally in an automated manner and with the least friction possible.
+
+I intend to present a solution to this problem, which comprises a tight integration of three different tools, each of which specializing in declarative definitions at different levels: Terraform is used to provision machines and configure them, NixOS ensures their reproducibility and of the environment they provide, and Nomad handles runtime orchestration of jobs according to concrete specifications.
+
+This is the solution currently in use by KTH's Computer Science Chapter (Datasektionen), where I am responsible for all systems and overarching IT infrastructure. My plan for this demo is to showcase how one might introduce a new host running a new service (e.g., Vaultwarden), highlighting the different steps and considerations involved. The goal is not to explain how to set up the base declarative structure, but rather to demonstrate an incremental change that would be realistic in day-to-day operations and thus exemplify the benefits and quirks of using Infrastructure-as-Code.
+
+**Relevance**
+
+Reproducibility and centralized self-documentation are very attractive core tenets to a growing number of organizations, given the immense benefits they usually imply - this makes Infrastructure-as-Code (IaC) a very important concept to understand and keep in mind when considering different solutions and architectures. However, IaC is difficult to explain due to the multitude of parts involved, so one may sometimes find it hard to understand concretely how it works and what normal usage looks like. My demo strives to show a realistic example of how a professional might make use of IaC to assist them in their normal operations.

contributions/demo/week6/anouiser/README.md

@@ -0,0 +1,27 @@
+# Assignment Proposal
+
+## Title
+
+Kubernetes secrets with Sealed Secrets
+
+## Names and KTH ID
+
+  - Amin Nouiser ([email protected])
+
+## Deadline
+
+- Week 6
+
+## Category
+
+- Demo
+
+## Description
+
+Managing Kubernetes secrets can be challenging, especially when the infrastructure is defined in code in a public git repository. By default, Kubernetes secrets are only base64 encoded but not encrypted which is not sufficiently secure. Sealed Secrets is a tool that allows secrets to be encrypted by the developer and remain so until they reach the cluster. 
+
+In this demo, I will begin by demonstrating how secrets can be distributed without Sealed Secrets to illustrate the security risk. I will then introduce Sealed Secrets and demonstrate how it solves this problem and makes the distribution more secure.
+
+**Relevance**
+
+This demo is relevant to DevOps as it addresses secure secret management in Kubernetes which is a key principle in DevSecOps.

contributions/demo/week6/cnra-catir/README.md

@@ -0,0 +1,16 @@
+# Assignment Proposal
+## Title
+Automating Private Dependency Management and Version Integration
+## Names and KTH ID
+- Chandni Rakhashiya ([email protected])
+- Emir Catir ([email protected])
+## Deadline
+- Week 6
+## Category
+- Demo
+## Description
+In this demo, we will explore how to effectively manage private dependencies in web applications using Azure Artifacts. We will display how to store, publish, and manage packages securely within Azure Artifacts and automate its integration into applications. Additionally, we will demonstrate how to streamline version updates by integrating new version of dependency across multiple applications or environments.
+
+Relevance
+
+This topic directly addresses key aspects of dependency management by demonstrating how to securely manage private packages. This approach enhances control and efficiency in managing dependencies. By leveraging CI/CD, the process of handling version updates is automated and this ensures faster, more reliable updates.

contributions/demo/week6/ollegu-smhanna/README.md

@@ -0,0 +1,25 @@
+# Assignment Proposal
+
+## Title
+
+Integrate RetireJS into Github workflow
+
+## Names and KTH ID
+
+- Olle Gunnemyr ([email protected])
+- Sam Maltin ([email protected])
+
+## Deadline
+
+- Week 6
+
+## Category
+
+- Demo
+
+## Description
+
+RetireJS is an open-source tool that can detect the use of JavaScript library versions with known vulnerabilities when developing a web application. By integrating the scan into a Github CI/CD pipeline via Github Actions, it would mitigate the risks from vulnerable libraries early in the Software Development Life Cycle (SDLC). Modifications/uses of RetireJS within Github for further security measures will also be demonstrated.
+
+_Relevance
+With the growing number of Javascript libraries on the web and Node.js applications, it is easier to unknowingly choose insecure libraries during development. Automating the vulnerability detection in the CI/CD pipeline by integrating RetireJS, would earlier mitigate the risks of security breaches from these vulnerable libraries, such as Cross-Site Scripting or Remote Code Execution attacks, and thus would be a relevant aspect within DevSecOps.

contributions/demo/week6/raeef-daniellw/README.md

@@ -0,0 +1,28 @@
+# Assignment Proposal
+
+## Title
+
+Using static analysis with SonarCloud to identify security flaws.
+
+## Names and KTH ID
+
+  - Daniel Lai Wikström ([email protected])
+  - Rafael Bechara ([email protected])
+
+## Deadline
+
+- Week 6
+
+## Category
+
+- Demo
+
+## Description
+
+We'll be showing how integrating SonarCloud with GitHub Actions can help developers automatically discover potential security flaws in their applications. Before the demo we'll set up a repo with GitHub Actions that automatically run a sonar scan upon pushing new code. 
+
+During the demo we'll push some code with a security flaw such as not sanitizing user input which makes us vulnerable to XSS attack. We'll then show how this vulnerability fails the quality gate check. We’ll then show the analysis page that gives us information of where in the code the vulnerabilities are, how the vulnerabilities work and suggestions about how we can fix them.
+
+**Relevance**
+
+Using GitHub Actions for static code analysis upon pushing to a repo is a pretty textbook example of DevOps by facilitating Continous Integration through automatic testing upon source code changes. Since we're adding the capability of identifying security flaws to our DevOps workflow it's also relevant to DevSecOps.