# for the pipeline
## languages
#### The tools we are using to write this in and deploy it
helm
pulumi
argo workflows?

## pipeline
#### The actual steps in the pipeline
pulumi
pulumi crossguard
socket.dev
argo workflows
semgrep
trufflehog
syft // do we need this, as socket.dev or semgrep can do SBOM?
grype
renovate bot
kics (keeping infrastructure as code secure)

## k8s
#### Things I assume I need installed in my k8s cluster
infisical
argo workflows
defectdojo

## repository
#### Things to set on the repository
branch protection

## local
#### Things to add to my chezmoi install so that they are always available but should be mentioned as things the user should have
eslint-plugin-security
gitleaks
socket cli

## Might be needed
#### Things that we might need. I am unsure if we have other tools that sufficiently cover the security concerns
trivy

# For homelab
## optional things
#### These are things that will exist in my homelab eventually, however they are not needed for this pipeline I think
harbor container registry
suse security (neuvector)
nexus package caching