
asvin00/api-security-pipeline

DevSecOps CI/CD Pipeline on AWS (Python App)

Project Overview

This project demonstrates an end-to-end DevSecOps pipeline using AWS and Kubernetes.
It automates build, test, security scanning, containerization, and deployment of a Python application.


Architecture

[Image: architecture diagram]

Tech Stack

  • AWS CodePipeline (CI/CD)
  • AWS CodeBuild (Build & Test)
  • AWS ECR (Container Registry)
  • AWS EKS (Kubernetes)
  • Docker
  • Python (Flask)
  • pytest
  • Trivy and Bandit
  • SNS (Notifications)

Project Structure

python-devsecops/
│── app/
│   └── app.py
│── tests/
│   └── test_app.py
│── Dockerfile
│── requirements.txt
│── deployment.yaml
│── service.yaml
│── buildspec.yml
│── architecture.png
│── README.md

Setup Instructions:

  1. Clone Repository
    git clone https://github.com/asvin00/python-devsecops.git
    cd python-devsecops
  2. Run Application Locally
    pip install -r requirements.txt
    python run.py

    Open in browser:

    http://localhost:5000
  3. Run Tests
    pytest
  4. Build Docker Image
    docker build -t python-devsecops .
  5. Configure AWS
    aws configure
  6. Push Image to ECR
    docker tag python-devsecops:latest <account-id>.dkr.ecr.ap-south-1.amazonaws.com/python-devsecops:latest
    docker push <account-id>.dkr.ecr.ap-south-1.amazonaws.com/python-devsecops:latest
  7. Create EKS Cluster
    eksctl create cluster \
      --name devsecops-cluster \
      --region ap-south-1 \
      --node-type t3.medium \
      --nodes 2
  • Wait for cluster creation to finish (nearly 45 minutes).
  8. Configure Kubernetes
    aws eks update-kubeconfig --region ap-south-1 --name devsecops-cluster
  9. Deploy Application
    kubectl apply -f deployment.yaml
    kubectl apply -f service.yaml
  10. Verify Deployment
    kubectl get pods
    kubectl get svc
  • Open the EXTERNAL-IP shown by `kubectl get svc` in a browser.
  11. Setup CodeBuild
  • Go to AWS Console → CodeBuild → Create Project
  • Configure Source:
    - Source provider: GitHub
    - Repository: Select your repository
    - Branch: main
  • Environment Configuration:
    - Environment image: Managed image
    - OS: Amazon Linux 2
    - Runtime: Standard
    - Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
    - Privileged mode: Enabled (required for Docker)
  • Service Role:
    - Create new role or use existing with:
      - ECR access
      - EKS access
      - S3 access
  • Buildspec:
    - Use `buildspec.yml` from repository
  • Logs:
    - Enable CloudWatch logs
  • Create Build Project
  12. Setup CodePipeline
  • Go to AWS Console → CodePipeline → Create Pipeline
  • Pipeline Settings:
    - Pipeline name: devsecops-pipeline
    - Service role: Create new role
    - Artifact store: Default S3
  • Add Source Stage:
    - Source provider: GitHub
    - Connect your GitHub account
    - Repository: Select your repo
    - Branch: main
  • Add Build Stage:
    - Build provider: CodeBuild
    - Select previously created CodeBuild project
  • Add Deploy Stage (optional if handled in buildspec):
    - You can skip this if deployment is done via `kubectl` in buildspec.yml
  • Review and Create Pipeline
  13. Trigger Pipeline
    git add .
    git commit -m "Trigger pipeline"
    git push origin main
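
The CodeBuild step points at `buildspec.yml`, but this page does not show that file. The sketch below is an added example, not the repository's own buildspec: it wires the Bandit, pytest and Trivy stages from the tech stack in front of the ECR push and `kubectl` deploy described above. Assumptions: `ACCOUNT_ID` is set as a CodeBuild environment variable, the build runs in the same region as the cluster, `trivy` and `kubectl` are on PATH in the build image, and the CodeBuild role is allowed to apply manifests in the cluster.

```yaml
# Added example, not the repository's buildspec.yml.
# Assumptions: ACCOUNT_ID is set as a CodeBuild environment variable, trivy and
# kubectl are on PATH in the build image, and the CodeBuild role is allowed to
# apply manifests in the cluster.
version: 0.2

env:
  variables:
    IMAGE_NAME: python-devsecops
    CLUSTER_NAME: devsecops-cluster

phases:
  install:
    commands:
      - pip install -r requirements.txt bandit pytest
  pre_build:
    commands:
      - REGISTRY="$ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"
      - REPO_URI="$REGISTRY/$IMAGE_NAME"
      # Commit ID of the source revision, so every image is traceable.
      - IMAGE_TAG="$CODEBUILD_RESOLVED_SOURCE_VERSION"
      # Static analysis of the Flask code; -ll reports medium severity and up.
      # Bandit exits non-zero on findings, which fails the build here.
      - bandit -r app/ -ll
      - pytest
      - aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$REGISTRY"
  build:
    commands:
      - docker build -t "$REPO_URI:$IMAGE_TAG" .
      # Gate on the image scan before anything leaves the build host.
      - trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$REPO_URI:$IMAGE_TAG"
      # Push and deploy stay in this phase on purpose: CodeBuild still runs
      # post_build after a failed build phase, so a push placed there would
      # publish an image that just failed the scan.
      - docker tag "$REPO_URI:$IMAGE_TAG" "$REPO_URI:latest"
      - docker push "$REPO_URI:$IMAGE_TAG"
      - docker push "$REPO_URI:latest"
      - aws eks update-kubeconfig --region "$AWS_DEFAULT_REGION" --name "$CLUSTER_NAME"
      - kubectl apply -f deployment.yaml
      - kubectl apply -f service.yaml
```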

About

CI/CD pipeline demo app
