Chapter 9: DevSecOps Pipeline with AWS Services and Tools Popular Industry-Wide
In the previous chapter, we created a CI/CD pipeline with the standard branches using AWS native services, and integrated CodeGuru Reviewer and ECR image scanning as security tools to detect vulnerabilities before services are deployed to an environment. In this chapter, we will learn more about security tools and build a pipeline with security controls at every stage, so that the application is scanned for vulnerabilities and we are notified whenever any are found. We will start with the concepts behind the Talisman pre-commit hook, the Snyk advisory plugin, Software Composition Analysis (SCA) (Anchore, which scans container images and their dependencies rather than application source code), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) (OWASP ZAP), and Runtime Application Self-Protection (RASP) (Falco, a runtime threat-detection tool for containers and Kubernetes that fills the RASP stage here). After this, we will plan the pipeline, then learn more about the tools and how to install them. Finally, we will integrate all the tools...