This is an archived project. Repository and other project resources are read-only.
Clone of private repository
authored
Dec 21, 2019
by
StephenWhitley
OSDU-(C)/Design-and-Implementation/CI-CD-Pipeline.md
0 → 100644
View page @
8d499113
# CI/CD Pipeline
![
image.png
](
uploads/.attachments/image-1d3f4c4a-f178-4805-8899-704de6f6ce21.png
)
### 1. Artifacts/Maven repo setup
### 2. Docker Registry setup
### 3. Scanning
• Dependency Scanning.
• Container Scanning.
• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST).
• License Compliance - FOSS.
### 4. Multi-Project Pipeline
### 5. Deployment to Kubernetes(GKE, AKS, EKS)
### 6. Tools
SAST
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object
SpotBugs is a program to find bugs in Java programs. It looks for instances of “bug patterns” — code instances that are likely to be errors.
# SLB tools
### 1. Whitesource - License compliance and security
### 2. Veracode - Security Testing
### 3. IBM App Scan on the cloud(ASOC)
### 4. IBM App scan for API DAST
### 5. SonarCube - SAST
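Review bot: the PMD description under "### 6. Tools" stops mid-sentence at "unnecessary object", so the line should be completed or trimmed to a full sentence before this lands. In the last heading, "SonarCube" looks like a misspelling of SonarQube. Sections 1, 2, 4 and 5 are headings with no body; a line each on what is actually set up (or an explicit TODO) would make the page usable as a design record. "# SLB tools" is at the same heading level as the page title while its numbering restarts at 1; demoting it to "##" would keep it inside this page's outline. The Scanning bullets also mix trailing periods (the SAST and License Compliance items have none), which is worth making consistent.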