# 🔐 8.2CDevSecOps

A hands-on **DevSecOps security lab** built as part of my M.S. IT coursework at Deakin University. This project uses a deliberately vulnerable Node.js application to demonstrate real-world security scanning, CI/CD pipeline integration, and containerised deployment.

---

## 🛠️ Tech Stack

`Node.js` `JavaScript` `Docker` `Jenkins` `Snyk` `SonarQube` `MongoDB`

---

## 🔍 What This Project Covers

- **Vulnerability scanning** — using Snyk to detect known CVEs in npm dependencies
- **Static code analysis** — SonarQube integration via `sonar-project.properties`
- **CI/CD pipeline** — automated build, test, and security scan via `Jenkinsfile`
- **Docker** — containerised app with `Dockerfile` and `docker-compose.yml`
- **Security exploits demonstrated:**
  - NoSQL Injection
  - Cross-site Scripting (XSS)
  - Open Redirect
  - Command Injection
  - Hardcoded secrets
  - Directory Traversal

---

## 🚀 Running Locally

```bash
# Clone the repo
git clone https://github.com/SinghAkashdeep16/8.2CDevSecOps.git
cd 8.2CDevSecOps

# Install dependencies
npm install

# Start MongoDB (requires MongoDB 3); -d runs it detached so the shell is free for the next step
docker run -d --rm -p 27017:27017 mongo:3

# Run the app
npm start
```

App runs at: `http://localhost:3001`

The application is intentionally vulnerable. Run it only on localhost or an isolated lab network, never on a host reachable from the internet.

---

## 🐳 Running with Docker Compose

```bash
docker-compose up --build
docker-compose down
```

---

## 🔬 Security Scanning

```bash
# Install Snyk
npm install -g snyk

# Run vulnerability scan against the npm dependency tree
snyk test

# Scan Docker image
snyk test --docker node:6-stretch --file=Dockerfile
```

Newer Snyk CLI releases replace `snyk test --docker` with `snyk container test node:6-stretch --file=Dockerfile`. Expect the image scan to report many findings: `node:6-stretch` is an end-of-life Node.js release on an end-of-life Debian base, which is part of what makes this lab a useful target.

---

## 📁 Project Structure

```
├── routes/              # Express routes
├── views/               # Handlebars/EJS templates
├── exploits/            # Exploit demonstration scripts
├── tests/               # Test files
├── entity/              # Data entities
├── service/             # Business logic
├── Dockerfile           # Container definition
├── Jenkinsfile          # CI/CD pipeline
└── docker-compose.yml
```

---

## 👤 Author

**Akashdeep Singh** — [github.com/SinghAkashdeep16](https://github.com/SinghAkashdeep16)
M.S. Information Technology | Deakin University, Melbourne