- Embed DevSecOps tools in the CI/CD pipeline:
  - safety to scan for vulnerabilities in Python packages.
  - Bandit to find security issues in your Python code.
  - Pre-commit to enforce some policy before committing new code.
  - Black as a linting tool.
  - Chef InSpec to apply security and compliance policies.
- Implement load testing in the PR testing pipeline.
- Create a Jenkins shared library.
- Send email notifications to users.
- Implement basic user auth with Cognito.
- Protect your service using WAF or Shield.
- Any other shiny service that interests you...
- Deploy an interesting Helm chart in the cluster (Jenkins, RabbitMQ as an alternative to SQS, OpenVPN client/server).
- Write your app YAMLs as a Helm chart.
- Run some CronJob in the cluster.
- Use ArgoCD to deploy your app.
- Implement an interesting Argo Workflows (ArgoWF) workflow.
- Experiment with Calico to implement network security in the cluster.
- Experiment with Istio to implement a service mesh.
- Expose your app over secured HTTPS.
- Implement Pod identity in EKS instead of using the EC2 IAM role.
- Provision the app infrastructure as code.
- Build a dedicated "IaaC" pipeline in Jenkins.
- Use the devsec.hardening Ansible collection to harden the system.
- Deploy Prometheus in K8S.
- Enable Elasticsearch backup/restore to and from S3.
- Build a Kibana dashboard.
- Improve the log stream from the k8s cluster to Elasticsearch.
- Create some alerts in Grafana (e.g. high CPU rate, a container restarting many times, etc.).