Planning for a DevSecOps pipeline
In the last chapter, we created a CI/CD pipeline along with a branching strategy, with AWS native security services in place. In this chapter, we will focus more on the security aspect than on the branching aspect. We will create a single pipeline that triggers the security tools to scan, provides the results, deploys the application, and then scans the running application. This chapter therefore does not cover all the branches, but you can split the stages of this single pipeline and place them into multiple pipelines. The following diagram shows the sequential steps of the DevSecOps CI/CD pipeline:
We are going to perform the following tasks to achieve the DevSecOps pipeline:
- We will start by installing the Snyk security advisory plugin in the Visual Studio Code (VS Code) IDE and check for vulnerabilities in the Catalog_Detail service code.
...