for the pipeline
languages
The tools we are using to write this in and deploy it
helm, pulumi, argo workflows?
pipeline
The actual steps in the pipeline
pulumi, pulumi crossguard, socket.dev, argo workflows, semgrep, trufflehog, syft (do we need this, as socket.dev or semgrep can do sbom?), grype, renovate bot, kics (keeping infrastructure as code secure)
k8s
Things I assume I need installed in my k8s cluster
infisical, argo workflows, defectdojo
repository
Things to set on the repository
branch protection
local
Things to add to my chezmoi install so that they are always available but should be mentioned as things the user should have
eslint-plugin-security, gitleaks, socket cli
Might be needed
Things that we might need. I am unsure if we have other tools that sufficiently cover the security concerns
trivy
For homelab
optional things
These are things that will exist in my homelab eventually; however, they are not needed for this pipeline, I think
harbor container registry, suse security (neuvector), nexus package caching