- Set up Git on CLI
  - `git config --global user.name "First Last"`
  - `git config --global user.email email-address`
- Set up SSH keys for GitHub
- Create new folder
  - `mkdir shiftleft-cicd-demo`
  - `cd shiftleft-cicd-demo`
- Create new repository in github.com with name shiftleft-cicd-demo
  - Select Public
  - Leave all checkboxes blank
  - Follow instructions to create repository on the command line

    ```bash
    echo "# shiftleft-cicd-demo" >> README.md
    git init
    git add README.md
    git commit -m "first commit"
    git branch -M main
    git remote add origin git@github.com:chkp-[YOUR_GITHUB_USERNAME]/shiftleft-cicd-demo.git
    git push -u origin main
    ```
- Create GitHub Action simple workflow - rename to shiftleft.yml
  - Go to GitHub repository → Actions → Set up Simple Workflow → rename blank.yml to shiftleft.yml
  - Review YAML syntax
  - Add credentials into repo secrets
  - Set env variable secrets in YAML file
- Clone this repo into your home directory:
- Make shiftleft binary executable
  - `chmod +x ./shiftleft`
- Set up CloudGuard credentials
  - `export CHKP_CLOUDGUARD_ID=<cloudguard_api_key_id>`
  - `export CHKP_CLOUDGUARD_SECRET=<cloudguard_api_secret>`
- Run code scan
  - `./shiftleft code-scan -s .`
- Build docker image
  - `docker build -t chkp-username/myapp ./test-files/`
  - `docker save -o myapp.tar chkp-username/myapp`
  - `./shiftleft image-scan -i myapp.tar`
- Fork demo app project into your GitHub account - https://github.com/ilavender/demo-app
- Copy shiftleft executable from the devsecops-training-shiftleft folder into your own shiftleft-cicd-demo folder.
- In shiftleft.yml add code to perform the following:
  - clone demo-app
  - run shiftleft source code scan
  - build docker image
    - `docker build -t chkp-rolandop/myapp ./demo-app`
    - `docker save -o myapp.tar chkp-rolandop/myapp`
  - run shiftleft image scan
  - run iac-assessment scan on demo-app/terraform-template folder with AWS CIS foundations terraform ruleset

Note: Figure out the commands to run locally before adding them to shiftleft.yml
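
One way the repo-secrets and env-variable steps can fit together with the scan commands in shiftleft.yml, as an added example that is not part of the original instructions or the training repository. Assumptions: the secret names match the environment variable names, the trigger is a push to main, and `YOUR_GITHUB_USERNAME/demo-app` is a placeholder for your fork. The iac-assessment step is left out because its options are not given on this page.

```yaml
# Added example; names marked "assumed" or "placeholder" are not from the page.
name: shiftleft

on:
  push:
    branches: [main]      # assumed trigger
  workflow_dispatch:

permissions:
  contents: read          # the scans only need to read the repository

jobs:
  scan:
    runs-on: ubuntu-latest
    env:
      # Values come from repo secrets, never from the YAML itself.
      # Secret names are assumed; the env names are the ones exported locally.
      CHKP_CLOUDGUARD_ID: ${{ secrets.CHKP_CLOUDGUARD_ID }}
      CHKP_CLOUDGUARD_SECRET: ${{ secrets.CHKP_CLOUDGUARD_SECRET }}
    steps:
      - name: Check out this repository (holds the shiftleft binary)
        uses: actions/checkout@v4

      - name: Clone demo-app fork
        uses: actions/checkout@v4
        with:
          repository: YOUR_GITHUB_USERNAME/demo-app   # placeholder
          path: demo-app

      - name: Make shiftleft binary executable
        run: chmod +x ./shiftleft

      - name: Source code scan
        run: ./shiftleft code-scan -s ./demo-app   # scan path is assumed

      - name: Build and export docker image
        run: |
          docker build -t chkp-username/myapp ./demo-app
          docker save -o myapp.tar chkp-username/myapp

      - name: Image scan
        run: ./shiftleft image-scan -i myapp.tar
```

GitHub masks secret values in job logs, and workflows triggered from forks do not receive them, so the credentials stay out of both the repository history and pull-request runs from outside contributors.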