Enterprise DevSecOps & GitOps Monorepo Platform

An enterprise-grade, cloud-native DevSecOps and GitOps platform featuring fully automated CI/CD safety gating, vulnerability scanning, and declarative continuous delivery.


🚀 Architecture & Technical Stack

This repository uses a monorepo structure to manage both the application source code and its corresponding GitOps deployment configuration. Because the desired cluster state lives in Git alongside the code that produced it, every deployed change is traceable to a reviewed commit and a pipeline run that passed the security gates.


📂 Repository Structure

```text
├── .github/workflows/      # Automated CI/CD pipelines & DevSecOps security gates
├── app/                    # Application source code (JavaScript & Dockerfile)
└── gitops/my-app/          # Declarative Kubernetes manifests / ArgoCD configurations
```

🛡️ DevSecOps Pipeline & Safety Gating

Every push or pull request triggers a fully automated pipeline designed to catch vulnerabilities and code smells before they reach production:

  1. Linting & Build: Validates code quality and ensures the application builds cleanly.

  2. SAST Gate (SonarCloud): Analyzes the source code for bugs, vulnerabilities and security hotspots.

  3. Containerization: Builds the Docker image from the app/ directory. The image is built locally first and is only pushed to the registry once the scans below have passed.

  4. Vulnerability Scanning (Trivy): Scans the built container image for known vulnerabilities (CVEs) in OS packages and application dependencies, and scans the repository's Infrastructure as Code (Kubernetes manifests, Dockerfile) for misconfigurations.

  5. Quality Gate: Fails the pipeline, and therefore blocks the deployment, if Trivy reports any CRITICAL or HIGH finding or if the SonarCloud quality gate fails.
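
The five gates above wired into a single GitHub Actions workflow. This is an added illustration, not the workflow shipped in .github/workflows/; the file name, the npm scripts (lint, build), the image name docker.io/example/my-app, the SonarCloud project key and organization placeholders, the presence of a kustomization.yaml in gitops/my-app/, and the action versions are all assumptions. The secret names are the ones the README lists.

```yaml
# .github/workflows/ci.yml  (illustrative; see the lead-in for what is assumed)
name: DevSecOps pipeline

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]
    paths-ignore:
      - "gitops/**"        # the manifest bump commit at the end must not re-trigger CI

permissions:
  contents: write          # only used by the manifest bump step on main
  pull-requests: read

env:
  IMAGE: docker.io/example/my-app   # assumed image name
  TAG: ${{ github.sha }}            # immutable tag: the exact commit that was scanned

jobs:
  build-scan-gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # SonarCloud needs full history for new-code detection

      # 1. Lint & build (assumed npm scripts)
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
          cache-dependency-path: app/package-lock.json
      - run: npm ci && npm run lint && npm run build
        working-directory: app

      # 2. SAST gate: scan, then block on the SonarCloud quality gate result
      - uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: https://sonarcloud.io
        with:
          args: >
            -Dsonar.projectKey=<your-project-key>
            -Dsonar.organization=<your-org>
            -Dsonar.sources=app
      - uses: SonarSource/sonarqube-quality-gate-action@v1
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      # 3. Containerization: build into the local daemon, do NOT push yet
      - uses: docker/setup-buildx-action@v3
      - uses: docker/build-push-action@v6
        with:
          context: app
          load: true
          push: false
          tags: ${{ env.IMAGE }}:${{ env.TAG }}

      # 4a. Image scan: any CRITICAL/HIGH CVE fails the job
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE }}:${{ env.TAG }}
          format: table
          exit-code: "1"
          severity: CRITICAL,HIGH

      # 4b. IaC scan: Kubernetes manifests and Dockerfile misconfigurations
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: config
          scan-ref: .
          exit-code: "1"
          severity: CRITICAL,HIGH

      # 5. Only reached when every gate passed: push the scanned image and
      #    record the new tag in the GitOps manifests (main branch only).
      - if: github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - if: github.event_name == 'push'
        run: docker push "${IMAGE}:${TAG}"   # pushes the exact image Trivy scanned
      - if: github.event_name == 'push'
        run: |
          # assumes gitops/my-app/kustomization.yaml declares the image
          cd gitops/my-app
          kustomize edit set image "${IMAGE}=${IMAGE}:${TAG}"
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git commit -am "ci: deploy my-app ${TAG}"
          git push
```

Two design points worth keeping whatever the real workflow looks like: the image is pushed only after the scans pass, so a vulnerable image never reaches the registry (a `push: true` build before the Trivy step would silently undo the gate), and the manifest bump is committed with the workflow's own GITHUB_TOKEN, whose pushes do not trigger further workflow runs, so the pipeline cannot loop on itself. For a production pipeline, pin each `uses:` to a full commit SHA rather than a tag, so a compromised action tag cannot change what runs with your registry and SonarCloud credentials.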

🔄 GitOps Deployment Workflow

This platform uses ArgoCD for declarative continuous delivery:

  • Once the CI pipeline has passed every safety gate, the image tag referenced by the manifests in gitops/my-app/ is updated and committed.

  • ArgoCD continuously compares the manifests in gitops/my-app/ (the desired state) with the live objects in the target Kubernetes cluster and reports any difference as drift.

  • Commits to the Git repository are pulled and applied automatically; with self-heal enabled, manual changes made directly in the cluster are reverted as well, so the cluster's live state always matches what is declared in Git.

🛠️ Getting Started

Prerequisites

  • A GitHub account with secrets configured for your container registry and SonarCloud token.

  • An active ArgoCD instance connected to your Kubernetes cluster.

Setup Instructions

1.  Clone the repository:

    git clone https://github.com/HP04Harsh/enterprise-devsecops-gitops-platform.git
    cd enterprise-devsecops-gitops-platform

2.  **Configure CI Secrets:** Add SONAR_TOKEN, DOCKERHUB_USERNAME, and DOCKERHUB_TOKEN to your GitHub Repository Secrets. Use a Docker Hub access token with only the permissions the pipeline needs, not your account password.

3.  **ArgoCD Connection:** Point your ArgoCD Application definition at the main branch of this repository, with gitops/my-app/ as its path.
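
The ArgoCD objects that implement both the GitOps workflow described above and setup step 3. This is an added example, not a manifest from the repository: the file location, the argocd and my-app namespaces, the in-cluster destination URL and the AppProject (a least-privilege restriction the README does not mention) are assumptions; the repository URL, branch and path are the ones given in the setup instructions.

```yaml
# gitops/argocd/my-app.yaml  (illustrative; see the lead-in for what is assumed)
# AppProject: confines the Application to one source repo and one namespace,
# so a compromised Git write cannot deploy from elsewhere or into other namespaces.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: my-app
  namespace: argocd
spec:
  description: Least-privilege project for my-app
  sourceRepos:
    - https://github.com/HP04Harsh/enterprise-devsecops-gitops-platform.git
  destinations:
    - server: https://kubernetes.default.svc
      namespace: my-app
  clusterResourceWhitelist: []          # no cluster-scoped objects (CRDs, ClusterRoles, ...)
  namespaceResourceBlacklist:           # the app must not relax its own limits
    - group: ""
      kind: ResourceQuota
    - group: ""
      kind: LimitRange
---
# Application: tracks gitops/my-app on main and keeps the cluster equal to Git.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-app
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io   # deleting the Application removes its workloads
spec:
  project: my-app
  source:
    repoURL: https://github.com/HP04Harsh/enterprise-devsecops-gitops-platform.git
    targetRevision: main
    path: gitops/my-app
  destination:
    server: https://kubernetes.default.svc
    namespace: my-app
  syncPolicy:
    automated:
      prune: true       # objects removed from Git are deleted from the cluster
      selfHeal: true    # manual kubectl edits are reverted to the Git state
    syncOptions:
      - CreateNamespace=true
    retry:
      limit: 3
      backoff:
        duration: 10s
        factor: 2
        maxDuration: 2m
```

Apply with `kubectl apply -f gitops/argocd/my-app.yaml` against the cluster that runs ArgoCD. `selfHeal: true` is the setting that turns "monitors for drift" into "corrects drift": without it ArgoCD only reports an OutOfSync status when someone edits a Deployment by hand. `prune: true` is what makes removing a manifest from Git remove the object from the cluster; leave it off only if you want deletions to require a manual sync.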
