DevSecOps Studio is a one-of-a-kind, self-contained DevSecOps environment/distribution that helps individuals learn DevSecOps concepts. It takes a lot of effort to set up an environment for training/demos, and doing so manually is often error-prone. DevSecOps Studio is easy to get started with, mostly automatic, and battle-tested in our Practical DevSecOps courses at https://www.practical-devsecops.com/courses-and-certifications/
The DevSecOps Studio project aims to reduce the time needed to bootstrap the environment so that you can concentrate on learning/teaching DevSecOps practices. It has the following features:
- Easy-to-set-up environment with just one command, `vagrant up`
- Teaches Security as Code, Compliance as Code, Infrastructure as Code
- With built-in support for CI/CD pipeline
- OS hardening using ansible
- Compliance as code using Inspec
- QA security using ZAP, BDD-Security and Gauntlt
- Static tools like bandit, brakeman, findbugs, gitrob, gitsecrets
- Security Monitoring using ELK stack.
- Summary of setup
- Dependencies
- DevSecOps Studio Installation
- What's included in the environment
- How to use the setup
- Todo Features
- Contribution guidelines
- Who do I talk to?
Install Vagrant, VirtualBox and Ansible, then follow the steps below.
```bash
# Download the code
$ git clone https://github.com/hysnsec/DevSecOps-Studio.git && cd DevSecOps-Studio
# Download the ansible dependency roles
$ ansible-galaxy install -r requirements.yml -p provisioning/roles
# Set up the environment; takes an hour or less depending on your internet speed.
$ vagrant up
```
Go grab some coffee while DevSecOps Studio does its job.
Yes, that's it, you just set up an entire DevSecOps environment with three commands :)
Go ahead and read Practical DevSecOps Lessons on the wiki
DevSecOps Studio uses vagrant, virtualbox and ansible to set up the lab environment. You can visit each vendor's website to download the above software for Windows/Linux/macOS.
DevSecOps Studio simulates the environment presented below.
- At least 4GB of RAM for the virtual machines.
- 60GB of HDD Space.
- Intel i3 Processor or above.
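Prerequisites can also be installed via Homebrew on Mac OS X.
Homebrew (optional):
```bash
# Install Homebrew itself (the Ruby installer has been replaced by this Bash installer)
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Casks are installed with "brew install --cask"; "brew cask install" was removed
brew install --cask vagrant
brew install --cask virtualbox
brew install ansible
```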
Curl installation (requires root privileges to install tools)
```bash
# -f makes curl fail on an HTTP error instead of saving the error page as the script
curl -fO https://raw.githubusercontent.com/hysnsec/DevSecOps-Studio/master/setup/Linux_DevSecOps_Setup.sh && chmod +x Linux_DevSecOps_Setup.sh && ./Linux_DevSecOps_Setup.sh
```
or
Install dependencies using apt-get
```bash
# Add the VirtualBox apt repository and its signing key
sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
sudo apt update
sudo apt install virtualbox
# Looks like vagrant doesn't play nicely if you install with apt
VAGRANT_VERSION=2.2.1
wget https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb
sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb
# Install Ansible with the Python 3 pip that was just installed
sudo apt-get install python3 python3-pip
python3 -m pip install ansible
```
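The Vagrant package above is installed with `dpkg -i` straight after download, with no integrity check. The following is an added example, not part of DevSecOps Studio, that checks a downloaded file against a SHA256SUMS list before it is installed; the function names are this example's own, and the `_SHA256SUMS` file name follows HashiCorp's release layout and is assumed here.

```shell
#!/bin/sh
# Added example (not DevSecOps Studio code): check a downloaded release file
# against a SHA256SUMS list before installing it.

# sha256_of FILE: print the hex SHA-256 of FILE (GNU coreutils or macOS shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_against_sums FILE SUMS
# Returns 0 = digest matches, 1 = mismatch, 2 = no single entry for FILE in SUMS.
verify_against_sums() {
  name=$(basename "$1")
  # Entries look like "<hex>  name" (text mode) or "<hex> *name" (binary mode).
  expected=$(awk -v n="$name" '
    $2 == n || $2 == ("*" n) { digest = $1; hits++ }
    END { if (hits == 1) print digest }' "$2")
  [ -n "$expected" ] || { echo "no unique entry for $name in $2" >&2; return 2; }
  actual=$(sha256_of "$1")
  [ "$actual" = "$expected" ] || { echo "CHECKSUM MISMATCH: $name" >&2; return 1; }
  echo "OK: $name"
}

# Intended use with the README's Vagrant download (needs network; the
# _SHA256SUMS file name is an assumption based on HashiCorp's release layout):
#   base=https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}
#   wget "$base/vagrant_${VAGRANT_VERSION}_x86_64.deb" \
#        "$base/vagrant_${VAGRANT_VERSION}_SHA256SUMS"
#   verify_against_sums "vagrant_${VAGRANT_VERSION}_x86_64.deb" \
#       "vagrant_${VAGRANT_VERSION}_SHA256SUMS" &&
#     sudo dpkg -i "vagrant_${VAGRANT_VERSION}_x86_64.deb"

# Offline demo on constructed stand-in files (not real release artifacts).
demo() {
  d=$(mktemp -d)
  printf 'constructed package bytes\n' > "$d/pkg.deb"
  printf '%s  pkg.deb\n' "$(sha256_of "$d/pkg.deb")" > "$d/SHA256SUMS"
  verify_against_sums "$d/pkg.deb" "$d/SHA256SUMS"
  printf 'tampered\n' >> "$d/pkg.deb"
  verify_against_sums "$d/pkg.deb" "$d/SHA256SUMS" || echo "tampered copy rejected"
  rm -rf "$d"
}
demo
```

A checksum list fetched from the same server only detects corruption or a swapped package; verifying the list's detached signature against the vendor's published GPG key is what ties it to the vendor.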
The easiest solution for Windows users is to use the DevSecOps Studio VirtualBox appliance.
- Download DevSecOps-Studio Appliance (4.45 GB) from this link - REMOVED.
- Import the above Appliance by following these steps
Alternatively, installation can be done using Chocolatey by opening a command prompt and running the following command.
```bat
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
```
Install dependencies using choco
```bat
choco install vagrant virtualbox git -y
```
Install ansible via pip
Installing ansible on Windows is not straightforward; please follow these instructions to install cygwin and then install ansible. The first command below installs Python 3, which includes pip under the Scripts folder of the Python 3 installation.
```bat
choco install python3 -y
pip install ansible
```
- Clone this repo or download the zip
  ```bash
  $ git clone https://github.com/hysnsec/DevSecOps-Studio.git
  ```
- CD into the directory and check what boxes are available.
  ```bash
  $ cd DevSecOps-Studio && vagrant status
  ```
- Download the required ansible dependencies.
  ```bash
  $ ansible-galaxy install -r requirements.yml
  ```
- Ensure the latest version of Vagrant is installed on your machine
- Edit the machines.yml file to make any changes; if you are not sure, please leave it as default.
- Bring the environment up. Meanwhile, go grab some coffee to enjoy :)
  ```bash
  vagrant up
  ```
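A preflight check to run before `vagrant up`, written for this page as an added example and not part of DevSecOps Studio. It tests the host against the requirements listed above (4GB RAM, 60GB disk) and looks for the tools the steps invoke; the function names and the `check` argument are this example's own.

```shell
#!/bin/sh
# Added example (not DevSecOps Studio code): preflight check before `vagrant up`.
# Thresholds are the README's: 4 GB RAM, 60 GB of disk space.
MIN_RAM_MB=4096
MIN_DISK_GB=60
TOOLS="git vagrant VBoxManage ansible-galaxy"

# missing_tools TOOL...: print the names that are not on PATH, space separated.
missing_tools() {
  out=""
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || out="$out${out:+ }$tool"
  done
  printf '%s' "$out"
}

# ram_mb: total memory in MB (Linux /proc/meminfo, otherwise macOS sysctl).
# The kernel-reported total can be slightly below the installed amount.
ram_mb() {
  if [ -r /proc/meminfo ]; then
    awk '/^MemTotal:/ { printf "%d", $2 / 1024 }' /proc/meminfo
  else
    echo $(( $(sysctl -n hw.memsize) / 1024 / 1024 ))
  fi
}

# free_disk_gb DIR: space available to the current user on DIR's filesystem.
free_disk_gb() {
  df -Pk "$1" | awk 'NR == 2 { printf "%d", $4 / 1024 / 1024 }'
}

# preflight RAM_MB DISK_GB MISSING: return 0 only if every requirement holds.
preflight() {
  fail=0
  [ "$1" -ge "$MIN_RAM_MB" ] || { echo "RAM: $1 MB < $MIN_RAM_MB MB" >&2; fail=1; }
  [ "$2" -ge "$MIN_DISK_GB" ] || { echo "Disk: $2 GB free < $MIN_DISK_GB GB" >&2; fail=1; }
  [ -z "$3" ] || { echo "Missing tools: $3" >&2; fail=1; }
  return "$fail"
}

# Run against this machine only when asked to: sh preflight.sh check
if [ "${1:-}" = "check" ]; then
  # $TOOLS is left unquoted on purpose so it splits into one argument per tool.
  preflight "$(ram_mb)" "$(free_disk_gb .)" "$(missing_tools $TOOLS)" &&
    echo "ready for vagrant up"
fi
```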
You can see how it all fits into a DevSecOps pipeline by reading our wiki.
The environment contains the following tools used in different stages of DevSecOps.
Technology | Tools |
---|---|
PenTest Toolkit: | Nmap, Metasploit |
Static Analysis Tools: | Brakeman, bandit, findbugs |
Dynamic Analysis Tools: | ZAP proxy, Gauntlt |
Hardening: | DevSec Ansible OS Hardening |
Compliance: | Inspec |
Operating System: | Ubuntu Xenial (16.04) |
Programming Languages: | Java, Python 3, Ruby/Rails |
Container Technology: | Docker |
Source Code Management: | GitLab (GitHub-like system) |
CI Server: | GitLab CI/Jenkins |
Configuration Management: | Ansible |
Monitoring and Log management: | Elasticsearch, Logstash and Kibana |
Cloud Provider Utilities: | AWS CLI |
Utilities: | Git, Vim, curl, wget |
- Provision the stack on AWS using vagrant.
- Build Images using Packer and upload to vagrant cloud.
- Add Ansible Testing using molecule.
- Add Container scanning using clair.
- Add Inspec for compliance.
- Fork this repo.
- Contribute (documentation/features)
- Raise a Pull Request (PR)
DevSecOps Studio uses some of the ansible roles from Jeff
- If you have any questions regarding this repo, please contact Mohammed A. Imran @secfigo and Raghunath G @raghunath24