DevSecOps pipeline for Python based web app using Jenkins, Ansible, AWS, and open-source security tools and checks.

Overview

DevSecOps pipeline for Python Web App

A Jenkins end-to-end DevSecOps pipeline for Python web application, hosted on AWS Ubuntu 20.04

pipeline

psparchitecture

Note: This project is for demonstration purpose with surface level checks only, do not use as it is on production

Checkout project - check out python application project repository with XSS vulnerability

git secret check - check there is no password/token/keys/secrets accidently commited to project github

SCA - check external dependencies/libraries used by the project have no known vulnerabilities

SAST - static analysis of the application source code for exploits, bugs, vulnerabilites

Container audit - audit the container that is used to deploy the python application

DAST - deploy the application, register, login, attack & analyse it from the frontend as authenticated user

System security audit - analyse at the security posture of the system hosting the application

WAF - deploy application with WAF which will filter malicious requests according to OWASP core ruleset

Installation Steps

  1. Clone this repository to your Ubuntu Server (t2-medium recommended)
git clone https://github.com/pawnu/PythonSecurityPipeline.git
  1. Edit the code to make it work on your AWS

    • Change to your AWS subnet vpc_subnet_id
    • Change to your AWS security_group (allow inbound ssh(22), WAF(80), Optional web-app(10007) from your IP ONLY)
    • Create an IAM role which gives full-ec2-access and assign it to your ubuntu server
  2. Run the setup script to create CICD server with Jenkins+pipeline ready to go

cd PythonSecurityPipeline
sudo sh setup-ubuntu.sh
  1. Make sure your firewall allows incoming traffic to port 8080. Then, go to your jenkins server URL
http://your-jenkins-server:8080/
  1. Use the temporary credentials provided on the logs to login. Change your password!
  2. Go to the python pipeline project dashboard, click on "Build Now" button to start it off.

Setting up a Jenkins Pipeline project manually on Local Machine

A sample pipeline is already provided through automation

  1. Click on New Item, input name for your project and select Pipeline as the option and click OK.
  2. Scroll down to Pipeline section - Definition, select "Pipeline script from SCM" from drop down menu.
  3. Select Git under SCM, and input Repository URL.
  4. (Optional) Create and Add your credentials for the Git repo if your repo is private, and click Save.
  5. You will be brought to the Dashboard of your Pipeline project, click on "Build Now" button to start off the pipeline.

To do checks:

  • Select appropriate security tools and sample python project
  • Set up Jenkins server using docker (Dockerfile) and pipeline as code (Jenkinsfile) to run the checks
  • Use ansible to create AWS ec2 test instance, configure the environment, and interact with it
  • Hook up the web-app with modsecurity providing WAF,reverse proxy capabilities
  • Bootstrap with Jenkins API/configfile to setup and automatically create the pipeline job
  • Carry out authenticated DAST scan on the python web app

Report

workspace

Test Author

Project is Licensed Under the

MIT License

Issued to Devanshu Vashishtha | Copyright ©️ 2022-2023 web-codegrammer

Owner
Devanshu Vashishtha
Associate Software Engineer in DevOps at Amdocs India | MERN Stack Mediocre | Open Source @FidelityInternational | Graduate in Computer Engineering
Devanshu Vashishtha
A program to convert YouTube channel registration information into Json files for ThirdTube.

ThirdTubeImporter A program to convert YouTube channel registration information into Json files for ThirdTube. Usage Japanese https://takeout.google.c

Hidegon 2 Dec 18, 2021
ANKIT-OS/TG-SESSION-HACK-BOT: A Special Repository.Telegram Bot Which Can Hack The Victim By Using That Victim Session

🔰 ᵀᴱᴸᴱᴳᴿᴬᴹ ᴴᴬᶜᴷ ᴮᴼᵀ 🔰 The owner would not be responsible for any kind of bans due to the bot. • ⚡ INSTALLING ⚡ • • 🛠️ Lᴀɴɢᴜᴀɢᴇs Aɴᴅ Tᴏᴏʟs 🔰 • If

ANKIT KUMAR 2 Dec 24, 2021
A WhatsApp Crashing Tool for Termux

CrashW A WhatsApp Crashing Tool For Termux Users Installing : apt update && apt upgrade -y pkg install python3 pkg install git git clone git://gith

Gokul Mahato 20 Dec 27, 2022
A stock information collector and parser for Taiwan and US market. Automatically send LINE message if the pre-defined rules are triggered.

agastock 開發動機 就在海運飆漲的2021年7月,差點跪在地上喜迎財富自由的當下,EPS超高好消息不斷的長榮竟然套在202元一去不回,有圖有真相(哭) 忽然體會到追高殺低不是辦法,魯蛇我得靠邏輯分析也能出頭天,經過三個月無數個不出門的周末,產出簡單的爬蟲和分析工具。 上過金融研訓院的量化交易

Gavin Lee 12 Nov 16, 2022
A python library created to make life easier for Telegram API Developers.

opentele A python library created to make life easier for Telegram API Developers. Read the documentation Features Convert Telegram Desktop tdata sess

103 Jan 02, 2023
This is a telegram bot hosted by a Raspberry Pi equipped with a temperature and humidity sensor. The bot is capable of sending plots and readings.

raspy-temperature-bot This is a telegram bot hosted by a Raspberry Pi equipped with a temperature and humidity sensor. The bot is capable of sending p

31 May 22, 2022
Send OpenWeatherMap alerts (One Call API) to telegram users.

OpenWeatherMap Telegram Alert Send OpenWeatherMap alerts (One Call API) to telegram users. Installation Requirements: $ apt install python3-yaml pytho

Michael Hacker 1 Jun 04, 2022
Activate exitlag trial accounts

Exitlag Account Activator Activate exitlag trial accounts (unlimited trial accounts) ⭐ If you want to support me, follow me on github and star the pro

Benjamin 173 Nov 10, 2022
Python binding for Terraform.

Python libterraform Python binding for Terraform. Installation $ pip install libterraform NOTE Please install version 0.3.1 or above, which solves the

Prodesire 28 Dec 29, 2022
Um script simples para consultar dados, com API's simples.

Info sobre o Script Esta é uma das mais simples ferramentas para consultar dados. Daqui um tempo eu farei um UPGRADE no painel, irei adicionar um banc

Crowley 6 Apr 11, 2022
A discord bot that will help you browse/download nhentai sources.

Risa Introduction Risa is an nHentai discord bot that will help you browse and download your favorite doujin inside your own discord server. Hosting M

markee7 14 Oct 25, 2021
Python SDK for accessing the Hanko Authentication API

Hanko Authentication SDK for Python This package is maintained by Hanko. Contents Introduction Documentation Installation Usage Prerequisites Create a

Hanko.io 3 Mar 08, 2022
A Discord bot to combat phishing links for Steam trades and Discord gifts.

delink-bot A Discord bot to combat phishing links for Steam trades and Discord gifts. Requirement python3 -m pip install -U discord.py python3 -m pip

hugonun 15 Dec 09, 2022
:electric_plug: Generating short urls with python has never been easier

pyshorteners A simple URL shortening API wrapper Python library. Installing pip install pyshorteners Documentation https://pyshorteners.readthedocs.i

Ellison 351 Jan 03, 2023
This is a Python bot, which automates logging in, purchasing and planting the seeds. Open source bot and completely free.

🌻 Sunflower Land Bot 🌻 ⚠️ Warning I am not responsible for any penalties incurred by those who use the bot, use it at your own risk. This BOT is com

Newerton 18 Aug 31, 2022
Telegram music & video bot direct play music

⚡ NOINOI MUSIC PLAYER 🎵 SUPERFAST MUSIC BOT WHO CAN DIRECT PLAY SONG ON TELEGRAM VOICE CHAT ALSO CAN PLAY VIDEO ON VOICE CHATS ✨ Heroku Deploy YOU CA

noinoi-X 1 Dec 28, 2021
Official implementation of DeepSportLab (a fork of OpenPifPaf)

DeepSportLab DeepSportLab: a Unified Framework for BallDetection, Player Instance Segmentationand Pose Estimation in Team Sports Scenes This paper pre

ISPGroupUCL 8 Sep 27, 2022
Discord Streaming Statut (Bot/SelfBot)

Discord-Streaming-Status Discord Streaming Status For Both User Accounts And Bot Accounts. Open your cmd and enter the command: pip install discord BE

Komuro 2 Nov 02, 2021
Script que realiza a identificação de todos os logins e senhas dos wifis conectados em uma máquina e envia os dados para um e-mail especificado.

getWIFIConnection Script que realiza a identificação de todos os logins e senhas dos wifis conectados em uma máquina e envia os dados para um e-mail e

Vinícius Azevedo 3 Nov 27, 2022
It is a temporary project to study discord interactions. You can set permissions conveniently when you invite a particular disk code bot.

Permission Bot 디스코드 내에 있는 message-components 를 연구하기 위하여 제작된 봇입니다. Setup /config/config_example.ini 파일을 /config/config.ini으로 변환합니다. config 파일의 기본 양식은 아

gunyu1019 4 Mar 07, 2022