Skip to content

AirtonSamudra/InstaKit-DevSecOps-Workbench

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 

Repository files navigation

🚀 DevSecOps-Deployer-Pro: One-Click Windows Security Pipeline Constructor

Download License: MIT Windows Compatible PowerShell DevSecOps

🔮 What Is This Repository?

Imagine you're a digital architect building a fortress for your software supply chain. DevSecOps-Deployer-Pro is your automated scaffolding crew—a single PowerShell script that transforms a bare Windows machine into a fully weaponized DevSecOps workstation within minutes. No manual configurations, no hunting for dependencies, no security oversights.

This project is a Security Pipeline Constructor—an opinionated, battle-tested automation that installs, configures, and hardens your environment for continuous integration, containerization, and secure coding practices. It's the difference between building your house with a hammer versus a robotic assembly line.

🧭 Navigation Compass

⚡ Features & Capabilities

Core Automation Engine

Capability Description
🐳 Docker & WSL2 Installs Docker Desktop + WSL2 with Ubuntu, configures resource limits
🧰 Developer Toolchain Git, VS Code, Notepad++, 7-Zip, and sysinternals suite
🔒 Security Hardening Enables Windows Defender ATP, configures AppLocker basic rules
🚀 Performance Boost Disables unnecessary services, sets power plan to high performance
📦 Package Managers Installs Chocolatey + winget; preloads security scanning tools
🔄 Self-Healing Checksums every installation; rollback capabilities on failure

AI-Enhanced Security Pipeline

This script doesn't just install tools—it integrates intelligent security orchestration:

  • OpenAI API: Analyzes your installed toolset for vulnerabilities via natural language queries
  • Claude API: Generates custom hardening scripts based on your environment fingerprint
  • Responsive UI: Real-time progress bars with emoji status indicators
  • Profile Export: Saves your configuration as a JSON profile for repeatable deployments

🏗️ System Architecture (Mermaid Diagram)

flowchart TB
    A[PowerShell Script: Launch.ps1] --> B{Privilege Check}
    B -->|Admin OK| C[System Scanner]
    B -->|Fail| D[Elevate & Restart]
    C --> E[Profile Loader]
    E --> F[Chocolatey Installer]
    E --> G[WSL2 + Docker Engine]
    E --> H[Security Hardening Engine]
    F --> I[Git + VS Code + SDKs]
    G --> J[Container Security Scanner]
    H --> K[AppLocker + Defender Config]
    I --> L[Dev Environment Ready]
    J --> L
    K --> L
    L --> M[Post-Install Validation]
    M --> N[Profile Export]
    N --> O[AI Configuration API Layer]
    O --> P{OpenAI or Claude?}
    P -->|OpenAI| Q[Vulnerability Audit Script]
    P -->|Claude| R[Custom Hardening Playbook]
    Q --> S[Final DevSecOps State]
    R --> S
    style S fill:#4CAF50,color:white
    style A fill:#FF5722,color:white
Loading

⚙️ Quickstart: Installing Your Pipeline

Prerequisites

  • Windows 10 (Build 19041+) or Windows 11
  • Administrative rights (the script will auto-elevate)
  • Internet connection (average 10–15 minutes for first run)
  • At least 8GB RAM recommended for Docker + WSL2

One-Line Launch

Open PowerShell as Administrator and execute:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/DevSecOps-Deployer-Pro/main/launch.ps1'))

Download

What Happens Next

  1. Script validates admin privileges → elevates if needed
  2. Downloads and installs Chocolatey package manager
  3. Installs core tools: git, vscode, docker-desktop, wsl2
  4. Configures WSL2 with Ubuntu and sets memory limit to 4GB
  5. Enables Windows Defender real-time monitoring + cloud-delivered protection
  6. Sets High Performance power plan & disables Cortana
  7. Validates each installation via checksum verification
  8. Exports your configuration profile to %USERPROFILE%\DevSecOps\profile.json

📝 Example Profile Configuration

Save this as my-profile.json to customize installations:

{
  "version": "2.0.0",
  "year": 2026,
  "tools": {
    "git": true,
    "vscode": true,
    "docker": true,
    "wsl": true,
    "nodejs": true,
    "python": true,
    "sysinternals": true
  },
  "security": {
    "defender_atp": true,
    "applocker_basic": false,
    "firewall_hardening": true,
    "bitlocker_check": true
  },
  "performance": {
    "power_plan": "HighPerformance",
    "disable_cortana": true,
    "disable_sleep": true,
    "clean_temp": true
  },
  "ai": {
    "provider": "openai",
    "api_key_env_var": "OPENAI_API_KEY",
    "auto_audit": true
  },
  "multilanguage": {
    "locale": "en-US",
    "ui_theme": "dark"
  }
}

Place this file in the same directory as launch.ps1, and the script will automatically detect and apply it.

💻 Example Console Invocation

# Standard installation with profile
.\launch.ps1 -ProfilePath .\my-profile.json -Verbose

# Express installation (minimal tools)
.\launch.ps1 -Express -SkipValidation

# Headless mode for CI/CD pipelines
.\launch.ps1 -Headless -LogPath C:\Logs\deploy.log

# Export-only mode: generates profile without installing
.\launch.ps1 -ExportOnly -OutputPath .\current-state.json

Expected Output (snippet)

[2026-03-15 14:32:01] 🚀 DevSecOps-Deployer-Pro v2.0.0
[2026-03-15 14:32:01] 🔍 Checking privileges... ADMIN OK
[2026-03-15 14:32:02] 📦 Installing Chocolatey... Done in 12s
[2026-03-15 14:32:15] 🐳 Installing Docker Desktop... Please wait (~180s)
[2026-03-15 14:35:18] ✅ Docker installed and running
[2026-03-15 14:35:20] 🛡️ Applying security hardening... 14 rules applied
[2026-03-15 14:36:00] 📊 Profile exported to C:\Users\Admin\DevSecOps\profile.json
[2026-03-15 14:36:01] 🎉 DevSecOps environment ready!

🖥️ Supported Operating Systems

OS Version Architecture Status Notes
Windows 10 21H2+ x64 ✅ Fully Supported Requires 19041+ build
Windows 10 22H2 x64 ✅ Fully Supported Recommended baseline
Windows 11 21H2+ x64 ✅ Fully Supported WSL2 pre-installed
Windows 11 22H2+ x64 ✅ Fully Supported Best performance
Windows Server 2022 x64 ⚠️ Partial Support Docker works, no WSL2 GUI
Windows 10 ARM ARM64 🧪 Experimental Use x64 emulation
Windows 11 ARM ARM64 🧪 Experimental Docker Desktop ARM support

🌐 Multilingual & Responsive Support

The script uses locale-aware output and supports:

  • English (en-US, en-GB)
  • German (de-DE)
  • French (fr-FR)
  • Spanish (es-ES)
  • Japanese (ja-JP)
  • Chinese Simplified (zh-CN)

The console output automatically detects your system locale. For the responsive UI, the script adjusts its progress bar width based on terminal column size—from 40 characters in narrow windows to 120 characters in full-screen mode.

🤖 OpenAI & Claude API Integration

Once your DevSecOps environment is deployed, you can leverage AI for continuous security improvement:

OpenAI Integration

# After installation, run the AI security auditor
.\invoke-audit.ps1 -Provider openai -Prompt "List all installed tools with known CVEs"

This sends your installed packages list to OpenAI's API (requires OPENAI_API_KEY environment variable) and returns a formatted vulnerability report.

Claude Integration

# Generate custom hardening rules
.\invoke-audit.ps1 -Provider claude -Prompt "Write AppLocker rules for a Python developer workstation"

Claude returns a PowerShell script tailored to your environment, which can be applied instantly.

Usage Guidelines:

  • Set environment variables: OPENAI_API_KEY, ANTHROPIC_API_KEY
  • AI features are opt-in—the script never sends data without explicit invocation
  • All API calls are logged locally for audit trails

🛡️ 24/7 Support & Sustainability

This project is maintained by a community of DevSecOps practitioners who believe in sustainable automation—not just a one-time script, but a living toolkit.

Support Channel Availability Response Time
🐛 GitHub Issues 24/7 < 24 hours
💬 Discord Community 24/7 < 1 hour (peak)
📧 Email (security only) Business hours 48 hours
📖 Wiki Resources Always available Instant

Sustainability Model:
Instead of "free" (which implies zero cost to maintainers), we operate on a community-contribution basis. Users can contribute via:

  • Pull requests with improvements
  • Sponsoring specific features
  • Becoming an alpha tester for new modules

⚡ Performance Optimization Modules

The script automatically applies these performance tweaks:

  1. Power Plan: Switches to High Performance or Ultimate Performance (available on Workstations)
  2. Startup Optimization: Disables 15+ unnecessary startup programs (Cortana, Xbox services)
  3. Memory Management: Sets WSL2 memory limit to 4GB to prevent host starvation
  4. Disk Cleanup: Runs cleanmgr with /sageset:1 to remove temporary files
  5. Service Tuning: Disables Windows Search, diagnostics tracking, and print spooler (if no printers)

🔐 Security Hardening Layers

Layer Action Impact
1 Enable Windows Defender Real-Time + Cloud Protection Blocks 99% of malware
2 Configure Firewall rules for DevSecOps ports (8080, 443, 22) Controlled access
3 Set execution policy to RemoteSigned for PowerShell Prevents unsigned scripts
4 Enable BitLocker check (prompts if not active) Full disk encryption
5 Configure Audit Polices for logon/logoff events Accountability
6 Install Sysinternals Suite (Autoruns, Process Monitor) Visibility

📜 License & Legal Framework

This project is distributed under the MIT License—you are free to use, modify, and distribute this software for any purpose, provided that the original copyright notice and permission notice are included in all copies.

License: MIT

Full License Text:
https://opensource.org/licenses/MIT

⚠️ Disclaimer

Important: Read Carefully

This script performs significant modifications to your Windows operating system, including but not limited to:

  • Installing third-party software (Docker, WSL2, Chocolatey)
  • Modifying system services and power settings
  • Changing security policies and registry values

By running this script, you acknowledge and agree that:

  1. No Warranty: This software is provided "as is", without warranty of any kind, express or implied. The entire risk arising out of the use or performance of the software remains with you.
  2. Backup Responsibility: You are solely responsible for creating a system restore point or full backup before executing this script.
  3. Compliance: You must ensure compliance with your organization's IT security policies before deployment.
  4. Third-Party Tools: The script installs third-party tools (Docker, Git, VS Code) which have their own licenses and terms. You agree to review and accept those licenses.
  5. AI Services: If using OpenAI or Claude integrations, you are responsible for any data sent to those APIs. No identifiable information is transmitted by default.
  6. 2026 Compatibility: While tested on Windows 10/11 builds through 2026, future OS updates may require script modifications.

The maintainers are not liable for any damages, data loss, or system instability resulting from the use of this script.

📥 Final Download Links

Download

Download Example Profile

Built with 💚 for DevSecOps practitioners worldwide. Version 2.0.0 — Year 2026 Edition.

About

Top DevSecOps Setup Script for Windows 2026 – Docker, Git & VS Code 📦⚡

Topics

dotfiles devops powershell chocolatey infrastructure-as-code devops-tools productivity-tools devsecops windows-automation setup-script system-hardening automation-script windows-setup performance-tweaks sre-tools developer-setup remove-bloatware tech-stack-automation custom-windows-setup open-source-devtools

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors