DevSecLab Series Introduction
Updated: Oct 26, 2021
For the average security professional, it is relatively easy for someone to snag a blueprint on how to set up their own home-lab. However, for a DevSecOps professional, how-to's and setup guides are extremely difficult to find. Because of this, I would like to share a step by step guide on how to set up your DevSecOps home-lab.
The DevSecLab Series will contain 4 articles with instructions on how to install and configure each tool and operating system. The list of article titles and descriptions are highlighted below:
DevSecLab Series: Server Setup - In this post, we will be using VirtualBox with a single VM running Ubuntu to configure and setup our environment.
DevSecLab Series: Environment Setup - After we install the tools on the servers, we'll begin configuring each tool. This is probably going to be the most boring post, but it is essential.
DevSecLab Series: CI/CD Principles - Before we get into building pipelines and writing code, you must understand CI/CD concepts. We'll cover them all in this post.
DevSecLab Series: Pipeline Time (PT. 1) - In this post, we'll finally get to have some fun!!!! So this is where I'll explain Jenkins pipeline concepts, terms, and give a demonstration of the power of CI/CD pipelines. We'll use a basic Java/Spring webapp with Unit Test cases as well. The results of those unit tests will be published to SonarQube.
DevSecLab Series: Pipeline Time (PT. 2) - In this post, we'll finally get to have even more fun. We will create another pipeline that will leverage all of the services that we've stood up in the Environment Setup blog post. This will include cloning code from a GitLab repository, and publishing results to Sonarqube.
DevSecLab Series: Sonarqube and Code Coverage - In this post, we'll talk about SonarQube a bit and talk about the importance of Code Coverage for your applications.
Just so we're clear; all of the tools mentioned are open-source. Open-source technology is something people can modify and share with others without running into any legal issues because it is publicly accessible.
So if we wanted to make a few modifications to the Jenkins project, we can do so freely. Free is always great... isn't it?!
The first article will be released shortly after this one. Please stay tuned! If you are interested, please subscribe to this to receive updates! :D See y'all soon.