# CI/CD Pipeline
![image.png](uploads/.attachments/image-1d3f4c4a-f178-4805-8899-704de6f6ce21.png)
### 1. Artifacts/Maven repo setup
### 2. Docker Registry setup
### 3. Scanning
• Dependency Scanning.
• Container Scanning.
• Static Application Security Testing (SAST).
• Dynamic Application Security Testing (DAST).
• License Compliance - FOSS.
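
Added example (not configuration from the original page or from the project it describes): one pipeline definition that wires the five scan types above into stages, so the list reads as a concrete build. The page does not name its CI system; GitLab CI is assumed here because "Dependency Scanning", "Container Scanning", "License Compliance" and "Multi-Project Pipeline" are its feature names. The `include` template paths, the `CI_*` and `DAST_WEBSITE` variables and the `spotbugs-sast` job name are GitLab's documented ones for the 12.x/13.x releases; the stage layout, the staging URL and the Docker image tags are assumptions.

```yaml
# Added example, not from the original page. Assumes GitLab CI; template paths
# and variable names are GitLab's, the stage layout and staging URL are assumed.
stages:
  - build
  - test      # SAST, Dependency Scanning, Container Scanning, License Scanning
  - dast      # DAST needs a deployed instance, so it runs after test
  - deploy

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml

variables:
  # Container Scanning pulls the image named by these two variables: scan the
  # exact tag that build-image pushed, not a floating "latest".
  CI_APPLICATION_REPOSITORY: $CI_REGISTRY_IMAGE
  CI_APPLICATION_TAG: $CI_COMMIT_SHA
  # DAST needs a running target. Assumed staging URL; never point it at production.
  DAST_WEBSITE: https://staging.example.internal

build-image:
  stage: build
  image: docker:20.10
  services:
    - docker:20.10-dind
  script:
    # CI_REGISTRY_* are job-scoped credentials injected by GitLab, so no static
    # registry password lives in the repo or in project CI variables.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"

# The template jobs are allow_failure: true. Overriding the Java analyzer job
# makes an analyzer crash (not a finding) fail the pipeline.
spotbugs-sast:
  allow_failure: false
```

Caveat a practitioner should know before trusting this layout: the GitLab analyzers write `gl-*-report.json` artifacts and exit successfully even when they find vulnerabilities, so `allow_failure: false` only catches broken jobs. Gating on findings is done with merge request approval rules (Vulnerability-Check and License-Check in the releases this example assumes) or by a later job that parses the report artifacts and fails on severity.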
### 4. Multi-Project Pipeline
### 5. Deployment to Kubernetes (GKE, AKS, EKS)
### 6. Tools
SAST
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object
SpotBugs is a program to find bugs in Java programs. It looks for instances of “bug patterns” — code instances that are likely to be errors.
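
Added example (not code from the original page or from the PMD/SpotBugs projects): a Maven `<build>` section that runs both tools as failing checks in the `verify` phase, which is what a SAST stage in the pipeline above would invoke with `mvn -B verify`. Two details matter for security use and are easy to miss: both plugins default to report-only, so `failOnViolation` / `failOnError` must be set, and SpotBugs' built-in detectors are mostly correctness bugs, so the Find Security Bugs detector plugin is added to get injection, weak-crypto and XXE patterns. Plugin versions, the chosen PMD rule categories and the effort/threshold settings are assumptions to adjust per project.

```xml
<!-- Added example, not from the original page. Plugin versions, rule
     categories and thresholds are assumptions; adjust to the project. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-pmd-plugin</artifactId>
      <version>3.21.0</version>
      <configuration>
        <!-- Default is report-only; make violations break the build. -->
        <failOnViolation>true</failOnViolation>
        <printFailingErrors>true</printFailingErrors>
        <rulesets>
          <!-- PMD ships a security category (hard-coded keys, static IVs)
               next to its code-quality rules; enable it explicitly. -->
          <ruleset>/category/java/security.xml</ruleset>
          <ruleset>/category/java/errorprone.xml</ruleset>
        </rulesets>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>check</goal> <!-- bound to the verify phase by default -->
          </goals>
        </execution>
      </executions>
    </plugin>

    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>4.7.3.6</version>
      <configuration>
        <effort>Max</effort>
        <threshold>Low</threshold>
        <!-- Fail the build when bugs are found instead of only reporting. -->
        <failOnError>true</failOnError>
        <plugins>
          <!-- Find Security Bugs adds the security detectors SpotBugs lacks. -->
          <plugin>
            <groupId>com.h3xstream.findsecbugs</groupId>
            <artifactId>findsecbugs-plugin</artifactId>
            <version>1.12.0</version>
          </plugin>
        </plugins>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>check</goal> <!-- also bound to verify -->
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place `mvn -B verify` fails on the first PMD violation or SpotBugs finding, which is the behaviour a pipeline gate needs; run `mvn pmd:pmd spotbugs:spotbugs` instead when you only want the reports.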
# SLB tools
### 1. WhiteSource - License compliance and security

### 2. Veracode - Security Testing

### 3. IBM AppScan on Cloud (ASoC)

### 4. IBM AppScan for API DAST

### 5. SonarQube - SAST