A vulnerable NodeJS app to demonstrate secure container management practices according to the CIS Docker Benchmark v1.5.0.
The system proposes a DevSecOps framework that combines static analysis and dynamic analysis tools, implemented as GitHub Actions workflows.
- Trivy Security Scanner (Aqua Security)
- Docker Scout CLI
- Docker Bench for Security
- Falco Runtime Threat Detection (Sysdig)
Continuous Integration - Static analysis
- Dockerfile scan (Trivy)
- Docker Image scan (docker scout)
  - Quickview report
  - Base image report
  - CVE report
💡 NOTE: After the CI run, the Docker image is available on Docker Hub.
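As an added example (not the project's own workflow), a GitHub Actions CI job that wires the static-analysis steps above together: Trivy's config scanner on the Dockerfile, a build and push to Docker Hub, then Docker Scout's quickview, cves and recommendations (base image) reports run against the pushed tag. The workflow file path, image name, secret names and pinned action versions are assumptions; check them against the trivy-action and scout-action documentation before use.

```yaml
# .github/workflows/ci.yml (assumed path); added example, not the project's own workflow
name: CI - static analysis

on:
  push:
    branches: [main]

permissions:
  contents: read

env:
  IMAGE: docker.io/example-org/vulnerable-node-app   # placeholder image name (assumption)

jobs:
  static-analysis:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Dockerfile scan: Trivy's config scanner checks the Dockerfile against its
      # misconfiguration rules (running as root, missing HEALTHCHECK, ...).
      # exit-code '1' turns HIGH/CRITICAL findings into a failed job.
      - name: Dockerfile scan (Trivy)
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: config
          scan-ref: .
          severity: HIGH,CRITICAL
          exit-code: '1'
          format: table

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - uses: docker/setup-buildx-action@v3

      # Build and push: the pushed tag is what Docker Scout scans below and
      # what the CD stage later pulls onto the server.
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ${{ env.IMAGE }}:${{ github.sha }}

      # Docker image scan: quickview (summary), cves (CVE report) and
      # recommendations (base image report). exit-code: true fails the job
      # when a CRITICAL/HIGH CVE that has a fix is present; summary: true
      # writes the reports to the job summary.
      - name: Docker image scan (Docker Scout)
        uses: docker/scout-action@v1
        with:
          command: quickview,cves,recommendations
          image: ${{ env.IMAGE }}:${{ github.sha }}
          only-severities: critical,high
          only-fixed: true
          exit-code: true
          summary: true
```

Both scanners are used as gates rather than as report-only steps: Trivy blocks on Dockerfile misconfigurations, and Scout's `only-fixed` limits its gate to CVEs with an available fix, so unfixable findings are still listed in the report without blocking the pipeline.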
Continuous Deployment - Dynamic analysis
- CIS Benchmark scan (docker-bench)
  - Report
- Falco Runtime Event Detection
  - Events Log
💡 NOTE: The CD run starts by deploying the Docker image on the server.
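As an added example (not the project's own workflow), a CD job that runs on a self-hosted runner on the target server: it deploys the image with runtime flags aligned with the CIS container-runtime recommendations, starts Falco, runs docker-bench with the invocation from its README, gates on the WARN count in the report, and saves the Falco events log as an artifact. The workflow file path, image name, the CI workflow name referenced by `workflow_run`, the WARN baseline, the Falco container invocation (taken from the Falco docs as I recall them) and the warm-up interval are assumptions.

```yaml
# .github/workflows/cd.yml (assumed path); added example, not the project's own workflow
name: CD - dynamic analysis

on:
  workflow_run:
    workflows: ["CI - static analysis"]   # name of the CI workflow (assumption)
    types: [completed]
    branches: [main]

env:
  IMAGE: docker.io/example-org/vulnerable-node-app   # placeholder image name (assumption)

jobs:
  deploy-and-scan:
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    # docker-bench and Falco need host access, so this runs on the server itself.
    runs-on: self-hosted
    steps:
      # Deploy with CIS-style runtime hardening: read-only root filesystem,
      # all capabilities dropped, no privilege escalation, resource limits,
      # bounded restart policy and a port bound to localhost only.
      - name: Deploy the Docker image on the server
        run: |
          docker pull "$IMAGE:${{ github.event.workflow_run.head_sha }}"
          docker rm -f app 2>/dev/null || true
          docker run -d --name app \
            --read-only --tmpfs /tmp \
            --cap-drop ALL \
            --security-opt no-new-privileges \
            --pids-limit 100 --memory 256m --cpus 1 \
            --restart on-failure:5 \
            -p 127.0.0.1:3000:3000 \
            "$IMAGE:${{ github.event.workflow_run.head_sha }}"

      # Falco needs the host's /proc and docker socket to attribute events to containers.
      - name: Start Falco runtime event detection
        run: |
          docker rm -f falco 2>/dev/null || true
          docker run -d --name falco --privileged \
            -v /var/run/docker.sock:/host/var/run/docker.sock \
            -v /proc:/host/proc:ro \
            -v /etc:/host/etc:ro \
            falcosecurity/falco:latest

      # CIS Benchmark scan: the docker run command from the docker-bench-security README.
      # The report gate fails the job if the WARN count exceeds an accepted baseline.
      - name: CIS Benchmark scan (docker-bench)
        run: |
          docker run --rm --net host --pid host --userns host --cap-add audit_control \
            -e DOCKER_CONTENT_TRUST="${DOCKER_CONTENT_TRUST:-0}" \
            -v /etc:/etc:ro \
            -v /lib/systemd/system:/lib/systemd/system:ro \
            -v /usr/bin/containerd:/usr/bin/containerd:ro \
            -v /usr/bin/runc:/usr/bin/runc:ro \
            -v /usr/lib/systemd:/usr/lib/systemd:ro \
            -v /var/lib:/var/lib:ro \
            -v /var/run/docker.sock:/var/run/docker.sock:ro \
            --label docker_bench_security \
            docker/docker-bench-security | tee docker-bench-report.txt
          warns=$(grep -c '\[WARN\]' docker-bench-report.txt || true)
          echo "docker-bench WARN count: $warns"
          [ "$warns" -le "${BENCH_WARN_BASELINE:-40}" ]   # baseline value is a placeholder

      # Events log: Falco's text output is "<time>: <Priority> <message>", so
      # Warning and above can be picked out with a grep before upload.
      - name: Collect Falco events log
        run: |
          sleep 60   # warm-up interval so Falco observes the running app (assumption)
          docker logs falco > falco-events.log 2>&1
          grep -E ': (Warning|Error|Critical) ' falco-events.log || echo "no Warning+ Falco events"

      - uses: actions/upload-artifact@v4
        with:
          name: dynamic-analysis-reports
          path: |
            docker-bench-report.txt
            falco-events.log
```

The WARN baseline exists because a fresh Docker host fails a number of CIS checks out of the box; gating on "no regression from the accepted baseline" keeps the job useful while the host is hardened incrementally, and the uploaded report shows exactly which checks still warn.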