D

devsecops

A GitLab CI/CD pipeline that builds a hardened UBI9‑STIG Apache container, injects application content, and deploys the image to a local OpenShift cluster.

The BFG is a simpler, faster alternative to git-filter-branch for cleansing bad data (Passwords, Credentials & other Private data)

https://rtyley.github.io/bfg-repo-cleaner/

--The alphabet is not language but a circuit of cognition.

This project serves as a comprehensive reference implementation for enterprise DevSecOps practices, demonstrating how security, automation, and observability integrate seamlessly in modern cloud applications.

LinkSphere is a modern URL shortener built with Go and React. It provides fast link generation, click tracking, and a clean dashboard for managing and analyzing shortened URLs.

This project sets up Static Application Security Testing (SAST) in a GitLab CI/CD pipeline using two tools:

NJSScan → A security scanner specialized for JavaScript applications. It analyzes source code and flags insecure coding patterns and vulnerabilities.

Semgrep → A lightweight, multi-language static analysis tool that uses rulesets (such as p/javascript) to detect vulnerabilities, insecure practices, and style issues across different programming languages.

This project demonstrates how to integrate GitLeaks for secrets scanning into a GitLab CI pipeline, along with a Git pre-commit hook.

Atlas Architect: Your AI Co-pilot for Secure Cloud Infrastructure

This project is an AI-powered DevSecOps agent that lives within GitLab. It proactively analyzes Infrastructure-as-Code (IaC) files, specifically Terraform, to automatically visualize, secure, and optimize a developer's Google Cloud architecture before it's ever deployed.

When a developer submits a Merge Request with Terraform changes, a CI/CD pipeline triggers the agent to post a detailed analysis back as a comment. This provides instant visibility and governance, helping teams build better, safer cloud infrastructure, faster.

Key Features:

AI-Powered Visualization: Generates architecture diagrams from Terraform code using Google's Vertex AI. Security & Cost Analysis: Identifies security vulnerabilities and cost inefficiencies based on best practices. Intelligent Remediation: Automatically suggests code changes to fix identified issues. Vector-Powered Knowledge Base: Uses a MongoDB Atlas Vector Search index of official Google Cloud documentation to provide highly relevant, context-aware explanations for its recommendations.

Core Technologies:

Platform: GitLab CI/CD, Google Cloud Platform (GCP), MongoDB Atlas Services: Google Cloud Run, Google Cloud Build, Google Vertex AI, MongoDB Atlas Vector Search Frameworks & Languages: Python, Flask, Gunicorn

A local Infrastructure-as-Code (IaC) development environment for security and compliance validation. The current iteration uses Terraform and AWS emulation via LocalStack, focusing on IAM roles, secrets management, S3 access control and regulatory policies (e.g., GDPR/HIPAA). Implemented constrained DevSecOps practices within a local development context.

AI-powered security scanner that finds vulnerabilities and provides one-click fixes directly in GitLab merge requests. A reusable CI/CD Catalog component built with Google Cloud Vertex AI.

Basic note-taking application used to learn how to implement DevSecOps with GitLab. Be sure to start by reading the docs!

Google Cloud Shift-left security demonstration containing infrastructure, continuous delivery pipeline and tooling to support security from within a build pipeline

Organisation for #everyonecancontribute cafe sessions (ideas & tasks)

This project focuses on an automated certificate generation service powered by Ansible playbooks.

This project provides a comprehensive infrastructure-as-code solution using Ansible.

This project serves two main purposes: Infrastructure Documentation and Cursor AI Experimentation.

An end to end DevSecOps pipeline with features including SAST Scanning of the Source code, SBOM management, and Container image scan, before pushing to EKS.

Integrate OpenText Application Security (Fortify) with full access to 'fcli' commands for SAST, DAST, SCA, reporting and REST API capabilities.

This repository contains all the CI/CD jobs in a organised manner, which we'll reuse later as a template library.

Shiftleft CLI auto builder for Docker Hub