D

devsecops

Cloud-native DevOps portfolio project with Docker, Kubernetes, GitLab CI/CD, Terraform, AWS and Trivy.

KAVACH SecureCI — Autonomous security agent for GitLab pipelines. GitLab AI Hackathon 2026.

AI-assisted engineering evaluation framework for tools, pipelines, and compliance-aware platform decisions. Built with Pydantic AI. Supports tool grading, pipeline auditing, NIST/FedRAMP mapping, and supply chain review.

An AI-powered Security Agent built for the GitLab Duo Agent Challenge. Security Guardian automates vulnerability detection and provides suggested fixes directly in the SDLC.

🛡️ K-Guard: Kubernetes Security Automation & Remediation (PoC)

K-Guard is a DevSecOps proof-of-concept focused on automating vulnerability lifecycle and active defense workflows within K3s clusters.

Vulnerability Remediation: Automated image patching workflows using K8s API patches triggered by Trivy scan results. Network Segregation: Policy-as-Code implementation (Ansible) for Ingress hardening and CIDR-based access control. SecOps Alerting: Real-time incident notification system leveraging Cisco Webex API for rapid response. Self-Healing Exploration: Detecting configuration drifts and applying automated state recovery.

🛡️ K-Guard : Pilotage de la Sécurité & Automatisation Kubernetes (MVP)

K-Guard est un outil d'expérimentation DevSecOps conçu pour automatiser les workflows de détection et de remédiation sur clusters K3s. Il explore l'implémentation de la défense active via l'API Kubernetes.

Points Techniques Clés

Vulnerability Management : Pipeline de scan continu (Trivy) avec déclenchement de correctifs via Strategic Merge Patch sur les Deployments. Hardening Réseau : Automatisation de Network Policies (Ansible) pour l'isolation des flux Ingress (filtrage IPs Cloudflare / RFC 1918). Incident Response (IR) : Système d'alerte ChatOps via l'API Cisco Webex pour la notification en temps réel des failles critiques détectées. Infrastructure-as-Code : Logique de remédiation et de déploiement orchestrée via GitLab CI/CD et scripts d'automation (Python/Go).

This repository provides a Terraform framework for managing multiple infrastructure projects through a centralized, reusable architecture.

This POC evaluates the HUGO static site generator framework for potential adoption in our infrastructure documentation projects.

This platform is designed to simplify the resignation process by providing a structured and professional way to craft resignation letters.

The purpose of this POC is to perform a comprehensive proof of concept of the entire process, from development to deployment.

This platform takes a satirical approach to the HR system, offering a humorous yet insightful perspective on navigating salary negotiations and understanding the intricacies of workplace compensation.

This Git repository serves as a valuable resource for centralizing Kubernetes manifests and automating GitOps workflows using Argo CD.

A comprehensive mortgage calculator application written in Rust with a GUI. This tool helps you calculate monthly mortgage payments including principal, interest, property taxes, insurance, PMI, and HOA fees.

Used to showcase GitLab support for Rust.

Scans selected files for patterns stated in rules. This is used in order to find secrets you may have accidentally written to a file. This scanner is used to show how the GitLab vulnerability report can be populated by a custom scanner. You can see a demo of it in action be following the documentation in the Secret List project.

Talk resources, demos, prompts

A fully automated 13-stage DevSecOps CI/CD pipeline that integrates security, compliance, and cloud-native deployment using GitLab CI and Amazon EKS.

The pipeline demonstrates real-world DevSecOps practices including:

• SAST, dependency, container, IaC, and Kubernetes manifest scanning • SBOM generation (CycloneDX) • Automated POA&M creation mapped to NIST controls • Evidence packaging for compliance audits • Secure image push to Amazon ECR • Deployment and validation on Amazon EKS • Full run-to-completion behavior (lab mode) with findings documented rather than blocking

This project showcases an end-to-end secure software supply chain workflow suitable for: cloud engineering, DevOps, cybersecurity, and compliance automation demonstrations.

This repository provides a comprehensive, production-grade blueprint for a modern DevSecOps pipeline. It showcases the integration of GitLab CI/CD, Terraform, HashiCorp Vault, and various security tools to build, test, and deploy a containerized Python application to AWS securely and efficiently.

SafeDep vet CI Component for policy driven vetting of open source dependencies.

A GitLab CI/CD pipeline that builds a hardened UBI9‑STIG Apache container, injects application content, and deploys the image to a local OpenShift cluster.