DevSecOps Pipeline

📌 Project Overview

This project demonstrates a complete DevSecOps Lifecycle for a Next.js Malware Detection Dashboard. The goal was to build a secure, automated pipeline that provisions cloud infrastructure, identifies security misconfigurations using AI, and deploys the application in a containerized environment on AWS.

🏗️ Architecture Explanation

1. Infrastructure as Code (IaC): AWS resources (EC2, Security Groups) provisioned via Terraform.
2. Continuous Integration: Jenkins automates the build process.
3. Security Scanning: Trivy scans the Terraform files for vulnerabilities before deployment.
4. Containerization: The app is built into a Docker image.
5. Cloud Deployment: Hosted on AWS EC2 (t3.small) and accessible via a public IP on port 3001.

---

📊 Security & Deployment Reports

1. Initial Infrastructure Vulnerabilities

The pipeline's security gate (Trivy) successfully identified critical misconfigurations in the Terraform code, specifically regarding unrestricted public ingress.

2. Jenkins Pipeline Failure

This screenshot shows the pipeline stopping the deployment because the security requirements were not met, demonstrating the "Security-First" approach.

3. Successful Remediation & Build

After using GenAI to remediate the security group rules and scale the instance, the Jenkins pipeline completed all stages successfully.

4. AWS Cloud Instance Status

Proof of the provisioned t3.small instance running in the AWS Mumbai region.

5. Final Application Success

The application is live and accessible.

6. Live Preview Of Application on EC2 instance

App is running on EC2 instance

---

🤖 GenAI Usage Log (Mandatory)

1. The AI Prompt Used:

"How do I fix the Trivy error 'Security group rule allows ingress from public internet' and resolve 'No space left on device' on my AWS instance during a Jenkins build?"

2. Summary of Identified Risks: The AI identified that open ingress rules (0.0.0.0/0) allow the server to be targeted by brute-force attacks. It also diagnosed that the t3.micro instance was insufficient for the Next.js build process, leading to disk space and memory crashes.

3. AI-Recommended Improvements:

• Security: Restricting CIDR blocks to specific IPs for SSH and web access.
• Performance: Vertically scaling the EC2 instance from t3.micro to t3.small to provide 2GB of RAM.
• Optimization: Using a .dockerignore file and a docker system prune command in the Jenkinsfile to manage disk space.

---

🎥 Video Recording

Click here to watch the full project demonstration

---

🚀 How to Run Locally

1. Clone the repo.
2. Build the image: docker-compose build
3. Run: docker-compose up
4. Access at http://localhost:3001