This repository has been archived by the owner on Feb 8, 2023. It is now read-only.

DevSecOps Implemented

Aaron Burk edited this page Jul 16, 2020 · 2 revisions

Development Workflow

  • Technology stack: Node.js, Angular 7, PostgreSQL, Docker, Jenkins, SonarQube

  • Three long-running branches (“master”, “dev” and “staging”) plus a varying number of short-lived feature branches

Failed Deployment Pipeline


Successful Deployment Pipeline

  • Internal workflow, as depicted in both the failed and the successful pipeline runs above:
    • Create a feature branch off the dev branch
    • Commit changes to feature branch
    • If tests pass, create a pull request (PR) targeting the dev branch
    • Merge PR after it has been peer reviewed
    • Run the existing tests, plus the build tasks and their tests
    • Delete the feature branch after Jenkins builds and deploys the application

Deployment Pipeline Overview

  • High-level view of the deployment pipeline:
    • Provides a view into a specific deployment: how long it took and which tests passed or failed.
    • Gives you drill-down capabilities into the logs of each test to assist with remediating issues and dependencies.

Deployment Pipeline Overview

Deployment Pipeline Checks

  • Complete A-to-Z build time from push: 15-20 min

  • If any of these tests fail, the pull request is kicked back.

  • Tests that run:

    • Pa11y: Section 508 accessibility compliance testing to the WCAG2AA standard.

      • Pa11y is a command-line tool that runs HTML CodeSniffer in PhantomJS and reports the common errors it finds in both human- and machine-readable formats.
      • Documentation for Pa11y can be found here
    • ESLint: Checks all code against pre-defined formatting rules.

      • ESLint is a completely pluggable tool that identifies problematic patterns and covers both code quality and coding style issues.
      • Learn more about ESLint here
    • SonarQube: Vulnerability testing.

      • SonarQube is an open-source platform that performs continuous, automatic code review to detect bugs and vulnerabilities in 20+ programming languages.
      • Documentation for SonarQube can be found here
    • Unit testing: Every Angular component has an accompanying unit test to ensure the code functions the way it should.

      • To learn more about Angular unit testing, check here
    • End-to-end testing: Building the entire application and running the full test suite against it.

      • To learn more about end-to-end testing, check here
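
Added example, not code from this repository: the fail-closed gate that the checks list and the "kicked back" rule describe, written as a POSIX shell runner that a Jenkins stage could invoke. It runs every check to completion, keeps one log file per check (the per-test drill-down mentioned under the pipeline overview), and fails the whole run if any single check failed. The `run_checks` helper and the demo commands are constructed for this page; the real pipeline would substitute the actual tool invocations (for instance `npx eslint .` or `npx pa11y <url>`), which the page itself does not show.

```shell
#!/bin/sh
# Added example, not the project's own Jenkins code: a fail-closed gate runner
# in the shape the page describes. Every check runs to completion, each check's
# output lands in its own log file (the per-test drill-down the page mentions),
# and the run as a whole fails if any single check failed.
#
# The real pipeline would pass real commands such as "npx eslint ." or
# "npx pa11y http://localhost:4200"; the commands used in the demo below are
# constructed stand-ins so the script runs offline.

# run_checks LOGDIR NAME=COMMAND [NAME=COMMAND ...]
# Runs each COMMAND with "sh -c", writing its stdout/stderr to LOGDIR/NAME.log.
# Prints one summary line per check and returns 0 only if every check passed.
run_checks() {
    logdir=$1
    shift
    mkdir -p "$logdir"
    failed=0
    for spec in "$@"; do
        name=${spec%%=*}         # text before the first "="
        cmd=${spec#*=}           # text after the first "="
        start=$(date +%s)
        # The check's exit status decides pass/fail; its output is kept in the
        # log file for drill-down rather than printed inline.
        if sh -c "$cmd" >"$logdir/$name.log" 2>&1; then
            status=PASS
        else
            status=FAIL
            failed=$((failed + 1))
        fi
        elapsed=$(( $(date +%s) - start ))
        printf '%-10s %s  %3ds  log: %s\n' "$name" "$status" "$elapsed" "$logdir/$name.log"
    done
    # Fail closed: one failing check is enough to kick the request back.
    if [ "$failed" -gt 0 ]; then
        echo "$failed check(s) failed: request kicked back"
        return 1
    fi
    echo "all checks passed: ready to merge"
    return 0
}

# Demo with constructed stand-in checks: Pa11y and SonarQube "pass", ESLint
# "fails" on a constructed finding, so the run as a whole must fail.
demo_dir=$(mktemp -d)
run_checks "$demo_dir" \
    "pa11y=echo 'Pa11y: 0 errors'" \
    "eslint=echo 'src/app.js 12:3 error eval() not allowed no-eval'; exit 1" \
    "sonarqube=echo 'Quality gate: OK'" \
    || echo "pipeline exit status: $?"
```

Because each check is run to completion before the verdict is computed, a single push produces the full picture (every log file is written, not just the first failure), which is what makes the drill-down view useful for remediation.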