Skip to content

bustersg/k8s-compliance-app

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

349 Commits
.cra
.cra
 
 
acceptance-test
acceptance-test
 
 
bin
bin
 
 
data
data
 
 
definitions
definitions
 
 
public
public
 
 
routes
routes
 
 
scripts
scripts
 
 
test
test
 
 
utils
utils
 
 
views
views
 
 
.dockerignore
.dockerignore
 
 
.env.deploy.sh
.env.deploy.sh
 
 
.gitignore
.gitignore
 
 
.pipeline-config.yaml
.pipeline-config.yaml
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.secrets.baseline
.secrets.baseline
 
 
.whitesource
.whitesource
 
 
Dockerfile
Dockerfile
 
 
License.txt
License.txt
 
 
README.md
README.md
 
 
app.js
app.js
 
 
deployment_iks.yml
deployment_iks.yml
 
 
deployment_os.yml
deployment_os.yml
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
sonar-project.properties
sonar-project.properties
 
 

Repository files navigation

IBM Cloud

IBM Cloud Node.js DevSecOps

Create and deploy a Node.js Sample Application using IBM Cloud DevSecOps

DISCLAIMER: This is a guideline sample application and is used for demonstrative and illustrative purposes of Node.js application deployed using IBM Cloud DevSecOps Continuous Integration (CI) and Continuous Deployment (CD) pipelines. This is not a production ready code.

Contents

Scope

This sample contains a simple Node.js microservice that can be deployed to a Kubernetes cluster and provides a simple front-end.

Run the sample

  • Prerequisites:
    • Node.js installed on your machine.
  • Download the source code 
    git clone <git_url>
cd hello-compliance-app
  • Installing dependencies by running npm install from the root folder to install the app’s dependencies.
  • Run npm start to start the app.
  • Access the running app in a browser at http://localhost:8080

Create DevSecOps toolchains

Pre-requisites

  • An IBM Cloud account needs to be setup
  • A Kubernetes cluster exists to deploy the application

More information at DevSecOps Tutorial - Set up prerequisites

Toolchains setup

The DevSecOps toolchains to create and deploy this Node.js sample to IBM Cloud with DevSecOps CI can be created using the following link: DevSecOps CI toolchain.

The DevSecOps CD can be created using the following link: DevSecOps CD toolchain.

Customized scripts for DevSecOps pipelines

The source code of the sample contains a .pipeline-config.yaml file and scripts located in the scripts folder. The .pipeline-config.yaml file is the core configuration file that is used by DevSecOps CI, CD and CC pipelines for all of the stages in the pipeline run processes. Those scripts can be customized if needed just like the .pipeline-config.yaml content.

Configuration of customized stages and scripts

Note: default scripts invoked in various stages of the pipelines are provided by the commons base image and can be configured using specific properties, as described in the documentation Pipeline parameters

The sections below describe additional parameters (specific to these customized scripts) used to configure the scripts used in this sample.

containerize stage

Property Default Description Required
registry-domain the container registry URL domain that is used to build and tag the image. Useful when using private-endpoint container registry.

deploy stage

Property Default Description Required
deployment-file deployment_os.yml or deployment_iks.yml according to the kind of Kubernetes cluster Kubernetes deployment file to apply to the target kubernetes cluster
cookie-secret mycookiesecret cookie secret value for the deployment secret
deploy-ibmcloud-api-key Default to the value of ibmcloud-api-key specific IBM Cloud API key to be used for the deployment to the cluster.

dynamic-scan stage

Property Default Description Required
opt-in-dynamic-scan To enable the OWASP Zap scan.
opt-in-dynamic-api-scan To enable the OWASP Zap API scan.
opt-in-dynamic-api-scan To enable the OWASP Zap UI scan.

release stage

Property Default Description Required
skip-inventory-update-on-failure if set, the inventory update will be done only if there is no failure in the compliance checks

Detect secrets

Detect secrets check is performed as part of the PullRequest pipeline and Continuous Integration pipelines so this repository includes a .secrets.baseline to identify baseline for secrets check.

More information at Configuring Detect secrets scans

Note: detect-secret is configured as a pre-commit hook for this sample repository. See .pre-commit-config.yaml

CRA Scanning

This repository includes a .cra/.cveignore file that is used by Code Risk Analyzer (CRA) in IBM Cloud Continuous Delivery. This file helps address vulnerabilities that are found by CRA until a remediation is available, at which point the vulnerabilities will be addressed in the respective package versions. CRA keeps the code in this repository free of known vulnerabilities, and therefore helps make applications that are built on this code more secure. If you are not using CRA, you can safely ignore this file.

Additional information

Documentation

Troubleshooting

Documentation can be found here.

Report a problem or looking for help

Get help directly from the IBM Cloud development teams by joining us on Slack.

About

Created for toolchain: https://cloud.ibm.com/devops/toolchains/0d6c1cac-fff7-4d7d-a974-91d21783c177?env_id=ibm:yp:us-south

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 16

+ 2 contributors

Languages