Kartik-IN/devsecops-nodejs-app

🚀 Production-Ready DevSecOps CI/CD Pipeline

📌 Project Overview

This project demonstrates a Production-Ready DevSecOps CI/CD Pipeline built for a Node.js application using modern DevOps and security tools. The pipeline automates the complete software delivery lifecycle including:

  • Continuous Integration
  • Security Scanning
  • Docker Image Build
  • DockerHub Registry Push
  • Automated Deployment on AWS EC2
  • GitHub Webhook Automation

The objective of this project is to implement real-world DevSecOps practices with automated build, scan, and deployment workflows.


🚀 Architecture

[Figure: Pipeline Architecture]


⚙️ Tech Stack

Tool       | Purpose
-----------|----------------------------------
GitHub     | Source Code Management
Jenkins    | CI/CD Automation
Docker     | Containerization
SonarQube  | Static Code Analysis
Trivy      | Container Vulnerability Scanning
Docker Hub | Docker Image Registry
Amazon EC2 | Cloud Deployment
Node.js    | Backend Application Runtime
Linux      | Server Environment

🔥 CI/CD Pipeline Workflow

Developer Pushes Code
        ↓
GitHub Webhook Trigger
        ↓
Jenkins Pipeline Starts
        ↓
Install Dependencies
        ↓
SonarQube Static Code Analysis
        ↓
Docker Image Build
        ↓
Trivy Vulnerability Scan
        ↓
Push Image to DockerHub
        ↓
Automated Deployment on AWS EC2
        ↓
Live Node.js Application
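
The workflow above places the Trivy scan before the DockerHub push; for the scan to act as a gate, its result has to be able to stop the pipeline. The following is an added example, not code from this repository: it evaluates a Trivy JSON report against an assumed policy, and `evaluateReport`, its options and the sample findings are hypothetical.

```javascript
// Added example: decide from a Trivy JSON report whether the image may be pushed.
// The policy (fail on HIGH and above, skip findings with no fix) is an assumption.
const SEVERITY_RANK = { UNKNOWN: 0, LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };

function evaluateReport(report, { failOn = "HIGH", ignoreUnfixed = true } = {}) {
  const threshold = SEVERITY_RANK[failOn];
  if (threshold === undefined) throw new Error(`unknown severity: ${failOn}`);
  // Fail closed: a report without a Results array is treated as a failed scan,
  // not as a clean image.
  if (!report || !Array.isArray(report.Results)) {
    return { pass: false, reason: "malformed-report", blocking: [] };
  }
  const blocking = [];
  for (const result of report.Results) {
    // Targets with no findings carry no "Vulnerabilities" key.
    for (const v of result.Vulnerabilities || []) {
      if ((SEVERITY_RANK[v.Severity] ?? 0) < threshold) continue;
      if (ignoreUnfixed && !v.FixedVersion) continue; // nothing to upgrade to yet
      blocking.push({ target: result.Target, id: v.VulnerabilityID,
                      pkg: v.PkgName, severity: v.Severity });
    }
  }
  const pass = blocking.length === 0;
  return { pass, reason: pass ? "ok" : "blocking-findings", blocking };
}

// Constructed sample report (IDs and package names are placeholders).
const sampleReport = {
  ArtifactName: "nodeapp",
  Results: [
    { Target: "nodeapp (os packages)", Vulnerabilities: [
      { VulnerabilityID: "CVE-0000-0001", PkgName: "libexample",
        InstalledVersion: "1.0.0", FixedVersion: "1.0.1", Severity: "CRITICAL" },
      { VulnerabilityID: "CVE-0000-0002", PkgName: "libother",
        InstalledVersion: "2.3.0", Severity: "HIGH" } ] },
    { Target: "app/package.json", Vulnerabilities: [
      { VulnerabilityID: "CVE-0000-0003", PkgName: "example-pkg",
        InstalledVersion: "4.1.0", FixedVersion: "4.2.0", Severity: "MEDIUM" } ] },
    { Target: "app/node_modules/clean-pkg/package.json" },
  ],
};

const verdict = evaluateReport(sampleReport);
console.log(verdict.pass ? "gate passed: push allowed"
  : `gate failed: ${verdict.blocking.map((b) => `${b.id} (${b.severity})`).join(", ")}`);
```

In a pipeline the report would come from `trivy image --format json --output report.json nodeapp`, and a failed verdict should end the stage with a non-zero exit status so the push stage never runs.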

🔐 Security Features

  ✅ SonarQube Static Code Analysis
  ✅ Trivy Container Vulnerability Scanning
  ✅ Dockerized Deployment
  ✅ Automated CI/CD Workflow
  ✅ GitHub Webhook Automation
  ✅ Cloud Deployment on AWS EC2


📸 Project Screenshots

🔹 Jenkins Pipeline Success

[Screenshot: Jenkins Pipeline]


🔹 SonarQube Dashboard

[Screenshot: SonarQube]


🔹 Trivy Vulnerability Scan

[Screenshot: Trivy Scan]


🔹 DockerHub Repository

[Screenshot: DockerHub]


🔹 Live Application Deployment

[Screenshot: Live App]


🚀 Jenkins Pipeline Stages

Clone Code
↓
Install Dependencies
↓
SonarQube Scan
↓
Docker Build
↓
Trivy Security Scan
↓
Push To DockerHub
↓
Deploy Container

📂 Project Structure

devsecops-nodejs-app/
│
├── screenshots/
├── Jenkinsfile
├── Dockerfile
├── package.json
├── app.js
└── README.md

🚀 How to Run Locally

Clone Repository

git clone https://github.com/Kartik-IN/devsecops-nodejs-app.git
cd devsecops-nodejs-app

Install Dependencies

npm install

Run Application

npm start

Build Docker Image

docker build -t nodeapp .

Run Docker Container

docker run -d -p 3000:3000 --name nodeapp-container nodeapp

☁️ AWS Deployment

The application is deployed on an AWS EC2 instance using Docker containers and automated Jenkins deployment pipelines.


🔥 Key Learning Outcomes

  • CI/CD Pipeline Automation
  • DevSecOps Security Integration
  • Docker Containerization
  • AWS Cloud Deployment
  • Jenkins Pipeline Development
  • GitHub Webhook Automation
  • Vulnerability Scanning
  • Linux Server Management
  • Production Deployment Workflow

📈 Future Improvements

  • Kubernetes Deployment
  • Nginx Reverse Proxy
  • HTTPS/SSL Integration
  • Infrastructure as Code using Terraform
  • Monitoring with Prometheus & Grafana

👨‍💻 Author

Kartik Kale

  • DevOps & Cloud Enthusiast
  • Passionate about Automation, CI/CD, and Cloud Infrastructure

⭐ If you found this project useful, give it a star on GitHub!
