Shubh0808/zero-trust-devsecops-pipeline
GitHub: Shubh0808/zero-trust-devsecops-pipeline
Stars: 1 | Forks: 0
# Zero Trust DevSecOps Pipeline
[security.yml workflow](https://github.com/Shubh0808/zero-trust-devsecops-pipeline/actions/workflows/security.yml)


A DevSecOps reference project that demonstrates practical security automation
across source, build, infrastructure, and runtime layers.
## Highlights
- Risk scoring engine that prioritizes findings by severity, exposure, exploit
maturity, and service criticality.
- OPA/Rego policies for Kubernetes admission control.
- Hardened Kubernetes deployment with non-root user, dropped Linux capabilities,
read-only root filesystem, and resource limits.
- Terraform sample with encrypted, versioned storage.
- SBOM generator that fingerprints tracked project files.
- GitHub Actions workflow for tests, CodeQL, dependency audit, Docker build, and
policy checks.
## Security flow
```mermaid
flowchart LR
    Commit --> SAST[CodeQL and static checks]
    SAST --> SCA[npm audit and dependency review]
    SCA --> Build[Docker build]
    Build --> SBOM[SBOM fingerprint]
    SBOM --> Policy[OPA policy checks]
    Policy --> Risk[Risk scoring]
    Risk --> Release{Quality gate}
```
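One way to implement the Risk and Quality gate stages of the flow, as an added example that is not the project's own scoring engine. It combines the four factors named in the highlights (severity, exposure, exploit maturity, service criticality) into a 0-100 score, ranks findings, and blocks or warns on the release. The factor tables, the normalisation, the `blockAt`/`warnAt` thresholds and the `SAMPLE_FINDINGS` (not real CVEs) are assumptions made for this example.

```javascript
'use strict';

// Factor tables are assumptions for this example, not the project's weights.
const SEVERITY = { critical: 10, high: 7, medium: 4, low: 1 };
const EXPOSURE = { internet: 1.5, internal: 1.0, isolated: 0.5 };
const EXPLOIT_MATURITY = { weaponized: 1.5, poc: 1.2, none: 1.0 };
const CRITICALITY = { tier1: 1.5, tier2: 1.0, tier3: 0.7 };
// Largest possible product of the four factors; used to scale to 0-100.
const MAX_RAW = 10 * 1.5 * 1.5 * 1.5;

// Reject unknown labels loudly: silently scoring a mistyped label as zero
// would let a finding slip through the gate.
function factor(table, key, name) {
  if (!Object.prototype.hasOwnProperty.call(table, key)) {
    throw new Error(`unknown ${name} "${key}"`);
  }
  return table[key];
}

// Multiply the four factors and scale to an integer between 0 and 100.
function scoreFinding(f) {
  const raw =
    factor(SEVERITY, f.severity, 'severity') *
    factor(EXPOSURE, f.exposure, 'exposure') *
    factor(EXPLOIT_MATURITY, f.exploitMaturity, 'exploitMaturity') *
    factor(CRITICALITY, f.criticality, 'criticality');
  return Math.round((raw / MAX_RAW) * 100);
}

// Rank findings by score and decide whether the release may proceed.
function qualityGate(findings, { blockAt = 70, warnAt = 40 } = {}) {
  const ranked = findings
    .map((f) => ({ ...f, score: scoreFinding(f) }))
    .sort((a, b) => b.score - a.score || a.id.localeCompare(b.id));
  const blocking = ranked.filter((f) => f.score >= blockAt);
  const warnings = ranked.filter((f) => f.score >= warnAt && f.score < blockAt);
  const decision = blocking.length ? 'block' : warnings.length ? 'warn' : 'pass';
  return { decision, ranked, blocking, warnings };
}

// Constructed sample findings (identifiers and titles invented for this
// example). They show that context, not raw severity alone, drives the rank:
// the "critical" issue in an isolated batch job lands below the "high" issue
// in the internet-facing tier-1 API that already has a public PoC.
const SAMPLE_FINDINGS = [
  { id: 'F-1', title: 'Critical CVE in isolated batch job', severity: 'critical',
    exposure: 'isolated', exploitMaturity: 'none', criticality: 'tier3' },
  { id: 'F-2', title: 'High CVE in public API with public PoC', severity: 'high',
    exposure: 'internet', exploitMaturity: 'poc', criticality: 'tier1' },
  { id: 'F-3', title: 'Low-severity issue in internal tool', severity: 'low',
    exposure: 'internal', exploitMaturity: 'none', criticality: 'tier2' },
  { id: 'F-4', title: 'Critical, weaponized, public, tier 1', severity: 'critical',
    exposure: 'internet', exploitMaturity: 'weaponized', criticality: 'tier1' },
];

if (typeof require !== 'undefined' && require.main === module) {
  const result = qualityGate(SAMPLE_FINDINGS);
  for (const f of result.ranked) {
    console.log(String(f.score).padStart(3), f.id, f.title);
  }
  console.log('decision:', result.decision);
}
```

In CI the `decision` maps to the job's exit status: `block` fails the pipeline, `warn` annotates the run and lets it continue, `pass` is silent. Thresholds belong in a committed config file so that loosening the gate shows up in code review like any other change.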
## Run locally
```bash
npm test
npm run sbom
```
## Portfolio talking points
- Shows you can connect security controls to release governance.
- Demonstrates policy-as-code instead of manual checklist security.
- Uses realistic Kubernetes and Terraform examples.
- Includes code, tests, and CI instead of being only diagrams.