DevSecOps: Secure CI/CD Pipeline

Project 3

Project Description

Built a secure DevSecOps pipeline that integrates Snyk and Trivy for vulnerability scanning with IAM role-based policies and automated compliance checks, so that every application deployment is both automated and security-compliant.

Tools & Technologies

  • Version Control: GitHub
  • CI/CD: Jenkins
  • Containers: Docker
  • Orchestration: Kubernetes
  • Security: Snyk (dependency scans), Trivy (image scans)
  • Access Control: IAM Role-based policies
  • Compliance: Automated policy checks in pipeline

Workflow

  1. Code Commit → Developer pushes code to GitHub.
  2. Build Stage → Jenkins builds Docker image.
  3. Security Stage:
    • Snyk scans dependencies.
    • Trivy scans Docker image for CVEs.
  4. IAM & Compliance:
    • IAM policies enforce least privilege.
    • Pipeline blocks deployments failing compliance rules.
  5. Testing → Unit and integration tests.
  6. Deploy → Secure image deployed on Kubernetes.
  7. Monitor → Logs, metrics, and compliance alerts.
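The gate at steps 3 and 4 (scan the image, then block the deployment when a finding breaks the compliance rules) can be expressed as a small policy script that Jenkins runs after `trivy image --format json`. The following is an added example, not code from the portfolio project: the report layout follows Trivy's JSON output (`Results` → `Vulnerabilities`), but the sample report, the CVE identifiers and the exception list are constructed, and the severity threshold and the time-boxed exception mechanism are design choices of this example rather than something the project describes.

```python
"""Compliance gate for a Trivy image-scan report (added example, not the project's code).

Reads the JSON that `trivy image --format json` emits, applies a severity policy plus a
list of accepted, time-boxed exceptions, and returns a pass/block decision. A non-zero exit
code is what a Jenkins `sh` step turns into a failed stage, which blocks the deploy.
"""
import json
import sys
from collections import Counter
from datetime import date

# Findings at these severities fail the gate unless they are an accepted exception.
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}

# Constructed sample report in Trivy's JSON layout; all CVE ids and packages are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example.internal/app:1.2.3",
    "Results": [
        {
            "Target": "registry.example.internal/app:1.2.3 (debian 12.5)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
                 "InstalledVersion": "2.1", "FixedVersion": "", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib",
                 "InstalledVersion": "1.2", "FixedVersion": "1.3", "Severity": "MEDIUM"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "requests",
                 "InstalledVersion": "2.0", "FixedVersion": "2.1", "Severity": "HIGH"},
            ],
        },
    ],
})

# Constructed exception list: risk-accepted findings that stop being accepted on expiry.
ACCEPTED_RISKS = {
    "CVE-0000-0002": {"expires": "2099-01-01",
                      "reason": "no fixed version available; package not reachable at runtime"},
}


def iter_findings(report):
    """Yield (target, vulnerability) pairs. Trivy omits the key entirely for clean targets."""
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", "?"), vuln


def evaluate(report_json, accepted=ACCEPTED_RISKS, today=None):
    """Return the gate decision for one Trivy JSON report as a plain dict."""
    today = today or date.today()
    report = json.loads(report_json)
    counts = Counter()
    blocking, waived = [], []
    for target, vuln in iter_findings(report):
        severity = vuln.get("Severity", "UNKNOWN").upper()
        counts[severity] += 1
        if severity not in BLOCKING_SEVERITIES:
            continue
        cve = vuln["VulnerabilityID"]
        waiver = accepted.get(cve)
        # An exception only counts while it is unexpired; expired waivers block again.
        if waiver and date.fromisoformat(waiver["expires"]) >= today:
            waived.append(cve)
            continue
        blocking.append({"id": cve, "severity": severity, "target": target,
                         "pkg": vuln.get("PkgName"), "fixed": vuln.get("FixedVersion") or None})
    return {"passed": not blocking, "counts": dict(counts),
            "blocking": blocking, "waived": waived}


def main(argv):
    """Usage: python3 gate.py trivy-report.json  (falls back to the constructed sample)."""
    data = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_REPORT
    decision = evaluate(data)
    print("severity counts:", decision["counts"])
    for cve in decision["waived"]:
        print(f"waived   {cve}: {ACCEPTED_RISKS[cve]['reason']}")
    for f in decision["blocking"]:
        fix = f"fix in {f['fixed']}" if f["fixed"] else "no fix available"
        print(f"BLOCKING {f['id']} {f['severity']} {f['pkg']} in {f['target']} ({fix})")
    print("gate:", "PASS" if decision["passed"] else "BLOCK")
    return 0 if decision["passed"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Trivy can enforce the simple form of this rule on its own (`trivy image --exit-code 1 --severity HIGH,CRITICAL <image>`); the point of wrapping it in a script is that every accepted finding is written down with a reason and an expiry, so a waiver cannot silently outlive the risk assessment that justified it, and the same decision output can be archived as the compliance evidence for that build.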

Key Achievements

  • Automated build, security, and compliance in a single pipeline.
  • Enforced least-privilege IAM policies across DevOps tools.
  • Prevented insecure builds by auto-blocking failed compliance checks.
  • Reduced deployment risks and improved overall security posture.