anas727189/devsecops-pipeline — explained in plain English
Analysis updated 2026-05-18
Study a complete example of an automated, security-scanned CI/CD pipeline on AWS.
Use the Terraform and Ansible setup as a template for provisioning a new EC2 app server.
See how to wire Trivy security scans into both the source code and the built container image.
| anas727189/devsecops-pipeline | edwinjdevops/damolak-challenge | idvoretskyi/akamai-lke-cluster | |
|---|---|---|---|
| Stars | 0 | 0 | — |
| Language | HCL | HCL | HCL |
| Last pushed | — | — | 2026-07-06 |
| Maintenance | — | — | Active |
| Setup difficulty | — | hard | moderate |
| Complexity | — | 3/5 | 3/5 |
| Audience | ops devops | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
DevSecOps Pipeline is a demonstration project that wires together a complete automated software delivery process, from a code push through security scanning, infrastructure creation, deployment, and monitoring, using a set of open-source and cloud tools. The pipeline runs eight stages in sequence. When a developer pushes code to GitHub, Jenkins (an automation server) picks it up. First, Trivy, a security scanning tool, checks the source code for known vulnerabilities in its dependencies. Then Docker packages the application into a container image and pushes it to DockerHub. Trivy then scans that container image for a second round of security checks at the operating-system level. Next, Terraform provisions an AWS EC2 virtual machine with a 20GB storage volume. Ansible then connects to that fresh EC2 instance over SSH, installs Docker, and deploys the application along with the monitoring stack. Finally, Prometheus collects hardware and container metrics, and Grafana visualizes them in dashboards. Security scanning happens at two points rather than one, once before the image is built and once after, so that both application dependencies and container base layers are vetted before anything reaches production. The observability setup uses Prometheus to scrape metrics from a Node Exporter agent running on the server, and Grafana Dashboard 1860 (Node Exporter Full) to display CPU, memory, and disk metrics. The infrastructure code is written in HCL (HashiCorp Configuration Language), Terraform's native language. This is a learning and demonstration project showing a full DevSecOps lifecycle on AWS.
A demo DevSecOps pipeline that scans code for vulnerabilities, builds a container, provisions AWS infrastructure, and deploys with monitoring.
Mainly HCL. The stack also includes Jenkins, Trivy, Docker.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.