DevSecOps pipeline for Python based web app using Jenkins, Ansible, AWS, and open-source security tools and checks.

Overview

DevSecOps pipeline for Python Web App

A Jenkins end-to-end DevSecOps pipeline for Python web application, hosted on AWS Ubuntu 20.04

pipeline

psparchitecture

Note: This project is for demonstration purpose with surface level checks only, do not use as it is on production

Checkout project - check out python application project repository with XSS vulnerability

git secret check - check there is no password/token/keys/secrets accidently commited to project github

SCA - check external dependencies/libraries used by the project have no known vulnerabilities

SAST - static analysis of the application source code for exploits, bugs, vulnerabilites

Container audit - audit the container that is used to deploy the python application

DAST - deploy the application, register, login, attack & analyse it from the frontend as authenticated user

System security audit - analyse at the security posture of the system hosting the application

WAF - deploy application with WAF which will filter malicious requests according to OWASP core ruleset

Installation Steps

  1. Clone this repository to your Ubuntu Server (t2-medium recommended)
git clone https://github.com/pawnu/PythonSecurityPipeline.git
  1. Edit the code to make it work on your AWS

    • Change to your AWS subnet vpc_subnet_id
    • Change to your AWS security_group (allow inbound ssh(22), WAF(80), Optional web-app(10007) from your IP ONLY)
    • Create an IAM role which gives full-ec2-access and assign it to your ubuntu server
  2. Run the setup script to create CICD server with Jenkins+pipeline ready to go

cd PythonSecurityPipeline
sudo sh setup-ubuntu.sh
  1. Make sure your firewall allows incoming traffic to port 8080. Then, go to your jenkins server URL
http://your-jenkins-server:8080/
  1. Use the temporary credentials provided on the logs to login. Change your password!
  2. Go to the python pipeline project dashboard, click on "Build Now" button to start it off.

Setting up a Jenkins Pipeline project manually on Local Machine

A sample pipeline is already provided through automation

  1. Click on New Item, input name for your project and select Pipeline as the option and click OK.
  2. Scroll down to Pipeline section - Definition, select "Pipeline script from SCM" from drop down menu.
  3. Select Git under SCM, and input Repository URL.
  4. (Optional) Create and Add your credentials for the Git repo if your repo is private, and click Save.
  5. You will be brought to the Dashboard of your Pipeline project, click on "Build Now" button to start off the pipeline.

To do checks:

  • Select appropriate security tools and sample python project
  • Set up Jenkins server using docker (Dockerfile) and pipeline as code (Jenkinsfile) to run the checks
  • Use ansible to create AWS ec2 test instance, configure the environment, and interact with it
  • Hook up the web-app with modsecurity providing WAF,reverse proxy capabilities
  • Bootstrap with Jenkins API/configfile to setup and automatically create the pipeline job
  • Carry out authenticated DAST scan on the python web app

Report

workspace

Test Author

Project is Licensed Under the

MIT License

Issued to Devanshu Vashishtha | Copyright ©️ 2022-2023 web-codegrammer

You might also like...
Python + AWS Lambda Hands OnPython + AWS Lambda Hands On
Python + AWS Lambda Hands OnPython + AWS Lambda Hands On

Python + AWS Lambda Hands On Python Criada em 1990, por Guido Van Rossum. "Bala de prata" (quase). Muito utilizado em: Automatizações - Selenium, Beau

Aws-cidr-finder - A Python CLI tool for finding unused CIDR blocks in AWS VPCs

aws-cidr-finder Overview An Example Installation Configuration Contributing Over

An open source development framework to help you build data workflows and modern data architecture on AWS.
An open source development framework to help you build data workflows and modern data architecture on AWS.

AWS DataOps Development Kit (DDK) The AWS DataOps Development Kit is an open source development framework for customers that build data workflows and

AWS Auto Inventory allows you to quickly and easily generate inventory reports of your AWS resources.
AWS Auto Inventory allows you to quickly and easily generate inventory reports of your AWS resources.

Photo by Denny Müller on Unsplash AWS Automated Inventory ( aws-auto-inventory ) Automates creation of detailed inventories from AWS resources. Table

A suite of utilities for AWS Lambda Functions that makes tracing with AWS X-Ray, structured logging and creating custom metrics asynchronously easier

A suite of utilities for AWS Lambda Functions that makes tracing with AWS X-Ray, structured logging and creating custom metrics asynchronously easier

Unauthenticated enumeration of services, roles, and users in an AWS account or in every AWS account in existence.

Quiet Riot 🎶 C'mon, Feel The Noise 🎶 An enumeration tool for scalable, unauthenticated validation of AWS principals; including AWS Acccount IDs, roo

Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.

aws-allowlister Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance fr

SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.
SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.

SSH-Restricted SSH-Restricted deploys an SSH compliance rule with auto-remediation via AWS Lambda if SSH access is public. SSH-Auto-Restricted checks

aws-lambda-scheduler lets you call any existing AWS Lambda Function you have in a future time.

aws-lambda-scheduler aws-lambda-scheduler lets you call any existing AWS Lambda Function you have in the future. This functionality is achieved by dyn

Owner
Devanshu Vashishtha
Associate Software Engineer in DevOps at Amdocs India | MERN Stack Mediocre | Open Source @FidelityInternational | Graduate in Computer Engineering
Devanshu Vashishtha
Implement backup and recovery with AWS Backup across your AWS Organizations using a CI/CD pipeline (AWS CodePipeline).

Backup and Recovery with AWS Backup This repository provides you with a management and deployment solution for implementing Backup and Recovery with A

AWS Samples 8 Nov 22, 2022
AWS CloudSaga - Simulate security events in AWS

AWS CloudSaga - Simulate security events in AWS AWS CloudSaga is for customers to test security controls and alerts within their Amazon Web Services (

Amazon Web Services - Labs 325 Dec 1, 2022
Automated AWS account hardening with AWS Control Tower and AWS Step Functions

Automate activities in Control Tower provisioned AWS accounts Table of contents Introduction Architecture Prerequisites Tools and services Usage Clean

AWS Samples 20 Dec 7, 2022
Cedric Owens 16 Sep 27, 2022
Project template for using aws-cdk, Chalice and React in concert, including RDS Postgresql and AWS Cognito

What is This? This repository is an opinonated project template for using aws-cdk, Chalice and React in concert. Where aws-cdk and Chalice are in Pyth

Rasmus Jones 4 Nov 7, 2022
AWS Blog post code for running feature-extraction on images using AWS Batch and Cloud Development Kit (CDK).

Batch processing with AWS Batch and CDK Welcome This repository demostrates provisioning the necessary infrastructure for running a job on AWS Batch u

AWS Samples 7 Oct 18, 2022
This is a repository for the Duke University Cloud Computing course project on Serveless Data Engineering Pipeline. For this project, I recreated the below pipeline.

AWS Data Engineering Pipeline This is a repository for the Duke University Cloud Computing course project on Serverless Data Engineering Pipeline. For

null 15 Jul 28, 2021
Create a roles overview page for all Ansible roles/playbooks in Gitlab

ansible-create-roles-overview Overview The script ./create_roles_overview.py queries a Gitlab API for Ansible roles and playbooks. It will iterate ove

null 2 Oct 11, 2021
MAASTA is a wrapper to create an Ansible inventory for MAAS instances that are provisioned by Terraform.

MAASTA is a wrapper to create an Ansible inventory for MAAS instances that are provisioned by Terraform.

Saeid Bostandoust 144 Dec 16, 2022