This lab uses demo credentials for educational purposes:

• Username: admin
• Password: DevSecOps2024!

🚨 CRITICAL SECURITY NOTICE:

• These are DEMO CREDENTIALS ONLY - Never use in production!
• The password DevSecOps2024! appears in 20+ files for lab consistency
• This is intentional for educational/demo purposes
• ALWAYS change all credentials before any production use

⚠️ PRODUCTION REQUIREMENTS:

1. Change all default passwords immediately
2. Use environment variables or secrets management
3. Enable proper authentication and authorization
4. Review all configuration files for hardcoded secrets
5. Use strong, unique passwords
6. Enable multi-factor authentication
7. Use secrets management systems

This lab is designed for local development and learning:

• All services run locally on your machine
• No external network exposure by default
• Demo data and intentionally vulnerable applications included

Before using any components in production:

1. Change all default credentials
2. Review and harden all configurations
3. Enable proper authentication and authorization
4. Use secrets management (HashiCorp Vault, AWS Secrets Manager, etc.)
5. Enable network security (TLS, firewalls, etc.)
6. Regular security updates and monitoring

If you discover security vulnerabilities in this lab:

1. DO NOT open a public issue
2. Email the maintainer privately
3. Include detailed reproduction steps
4. Allow time for assessment and fixes

This lab showcases:

• Vulnerability scanning with Trivy, Grype, Syft
• Policy-based security gates
• SBOM generation for supply chain security
• Audit trails and compliance reporting
• Container security best practices

• OWASP DevSecOps Guideline
• NIST Secure Software Development Framework
• Container Security Best Practices

Remember: This is a learning lab. Always follow security best practices in production environments.