This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP DevSecOps Studio Project"

From OWASP
Jump to: navigation, search
m
m
Line 25: Line 25:
 
==Description==
 
==Description==
  
The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red.  Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category.  The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.
+
DevSecOps Studio is a virtual environment to learn and teach DevSecOps concepts. It uses modern stack like vagrant, ansible, infrastructure as code, DevOps techniques to setup the environment and provides following benefits.
  
Creating a new set of project pages from scratch can be a challenging task.  By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.
+
'''Free & Open Source  Software'''
  
Contextual custom dictionary builder with character substitution and word variations for pen-testers
+
This project is a free and open software  to help more people learn about DevSecOps
 +
 
 +
'''Easy to Setup'''
 +
 
 +
Takes only few mins to setup and start using with just one command
 +
 
 +
'''Reproducible'''
 +
 
 +
The aim of this project is to setup reproducible DevSecOps Lab environment for learning and testing different tools.
 +
 
 +
{| class="wikitable"
 +
!Technology
 +
!Tools
 +
|-
 +
|PenTest Toolkit:
 +
|Nmap, Metasploit
 +
|-
 +
|Static Analysis Tools:
 +
|Brakeman, bandit, findbugs
 +
|-
 +
|Dynamic Analysis Tools:
 +
|ZAP proxy, Gaunlt
 +
|-
 +
|Hardening:
 +
|DevSec Ansible OS Hardening
 +
|-
 +
|Compliance:
 +
|Inspec
 +
|-
 +
|Operating System :
 +
|Ubuntu Xenial (16.04)
 +
|-
 +
|Programming Languages:
 +
|Java, Python 2, Python 3, Ruby/Rails
 +
|-
 +
|Container Technology:
 +
|Docker
 +
|-
 +
|Source Code Management:
 +
|Gitlab (github like system)
 +
|-
 +
|CI Server:
 +
|Gitlab CI/Jenkins
 +
|-
 +
|Configuration Management:
 +
|Ansible
 +
|-
 +
|Monitoring and Log management:
 +
|Elastic Search, LogStash and Kibana
 +
|-
 +
|Cloud Provider Utilities:
 +
|AWS CLI
 +
|-
 +
|Utilities:
 +
|Git, Vim, curl, wget,
 +
|}
 +
 
 +
=== Quick start ===
 +
Install [https://www.vagrantup.com/downloads.html Vagrant], [https://www.virtualbox.org/wiki/Downloads Virtualbox], [http://docs.ansible.com/ansible/latest/intro_installation.html#installation Ansible] and follow the below steps.
 +
 
 +
# Download DevSecOps-Studio Appliance (4.45 GB) from [https://drive.google.com/open?id=1b3Z6BLndohpn_2HHcBfPFUpoSx78OKgG this link]
 +
# Import the above Appliance by following [https://docs.oracle.com/cd/E26217_01/E26796/html/qs-import-vm.html these step]
 +
# Follow the [https://github.com/teacheraio/DevSecOps-Studio/wiki wiki] to embed security as part of DevOps Pipeline.
 +
Go grab some coffee while DevSecOps Studio does its job.
 +
 
 +
=== Detailed Instructions ===
 +
 
 +
More granular details and Installation instructions for various operating systems are below:
 +
 
 +
MacOS X:  https://dso-studio.teachera.io/getting-started/#macos-installation
 +
 
 +
Linux: https://dso-studio.teachera.io/getting-started/#linux-installation
 +
 
 +
Windows: https://github.com/teacheraio/DevSecOps-Studio#windows-optional
  
 
==Licensing==
 
==Licensing==
Line 98: Line 171:
 
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.  
 
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.  
  
Contribution guide is available here
+
Contribution can be done in three easy steps:
 +
* Fork [https://github.com/teacheraio/DevSecOps-Studio DevSecOps-Studio] repo.
 +
* Contribute (documentation/features)
 +
* Raise a Pull Request (PR)
  
 
==If I am not a programmer can I participate in your project?==
 
==If I am not a programmer can I participate in your project?==
Line 133: Line 209:
  
 
===Coding===
 
===Coding===
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests
+
We could implement some of the later items on the roadmap sooner if someone wanted to help out with unit or automated regression tests.
 +
* Fork [https://github.com/teacheraio/DevSecOps-Studio DevSecOps-Studio] repo.
 +
* Contribute (documentation/features)
 +
* Raise a Pull Request (PR)
  
 
===Localization===
 
===Localization===

Revision as of 06:03, 14 April 2018

OWASP Project Header.jpg

OWASP DevSecOps Studio Project

DevSecOps Studio Logo

DevSecOps Studio is one of its kind, self contained DevSecOps environment/distribution to help individuals in learning DevSecOps concepts. It takes lots of efforts to setup the environment for training/demos and more often, its error prone when done manually. DevSecOps Studio is easy to get started and is mostly automatic.


DevSecOps Studio project aims to reduce the time to bootstrap the environment and help you in concentrating on learning/teaching DevSecOps practices.

Features:

  • Easy to setup environment with just one command “vagrant up”
  • Teaches Security as Code, Compliance as Code, Infrastructure as Code
  • With built-in support for CI/CD pipeline
  • OS hardening using ansible
  • Compliance as code using Inspec
  • QA security using ZAP, BDD-Security and Gauntlt
  • Static tools like bandit, brakeman, windbags, gitrob, gitsecrets
  • Security Monitoring using ELK stack.

Description

DevSecOps Studio is a virtual environment to learn and teach DevSecOps concepts. It uses modern stack like vagrant, ansible, infrastructure as code, DevOps techniques to setup the environment and provides following benefits.

Free & Open Source  Software

This project is a free and open software  to help more people learn about DevSecOps

Easy to Setup

Takes only few mins to setup and start using with just one command

Reproducible

The aim of this project is to setup reproducible DevSecOps Lab environment for learning and testing different tools.

Technology Tools
PenTest Toolkit: Nmap, Metasploit
Static Analysis Tools: Brakeman, bandit, findbugs
Dynamic Analysis Tools: ZAP proxy, Gaunlt
Hardening: DevSec Ansible OS Hardening
Compliance: Inspec
Operating System : Ubuntu Xenial (16.04)
Programming Languages: Java, Python 2, Python 3, Ruby/Rails
Container Technology: Docker
Source Code Management: Gitlab (github like system)
CI Server: Gitlab CI/Jenkins
Configuration Management: Ansible
Monitoring and Log management: Elastic Search, LogStash and Kibana
Cloud Provider Utilities: AWS CLI
Utilities: Git, Vim, curl, wget,

Quick start

Install VagrantVirtualboxAnsible and follow the below steps.

  1. Download DevSecOps-Studio Appliance (4.45 GB) from this link
  2. Import the above Appliance by following these step
  3. Follow the wiki to embed security as part of DevOps Pipeline.

Go grab some coffee while DevSecOps Studio does its job.

Detailed Instructions

More granular details and Installation instructions for various operating systems are below:

MacOS X: https://dso-studio.teachera.io/getting-started/#macos-installation

Linux: https://dso-studio.teachera.io/getting-started/#linux-installation

Windows: https://github.com/teacheraio/DevSecOps-Studio#windows-optional

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the link to Apache 2 License as published by the Apache Software Foundation, either version 2 of the License, or (at your option) any later version. OWASP DevSecOps Studio and any contributions are Copyright © by Mohammed A. Imran & Raghunath G 2018.

Project Resources

The documentation for this project is available online - https://dso-studio.teachera.io/

Installation Package

Source Code

What's New (Revision History)

Documentation

Wiki Home Page

Issue Tracker

Slide Presentation

Video

Project Leader

Imran Mohammed A. Twitter

Raghunath G

Related Projects

Classifications

Project Type Files TOOL.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png

News and Events

  • [13 Apr 2018] DevSecOps studio became OWASP Project.
  • [23 Feb 2018] DevSecOps Studio announced at DevSecCon Singapore.
  • [16 Nov 2017] DevSecOps Studio started!
Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_DevSecOps_Studio_Project&oldid=239895"