Hello everyone! My name is Timur Gilmullin, and I work in the technology and development processes department at Positive Technologies. Informally we are called the DevOps department, and our people are engaged in automating various processes and helping programmers and testers work with product pipelines.
, PT Application Inspector . - CI/CD-, CI-. PT Application Inspector — .
:
DevSecOps- , PT Application Inspector CI- ;
Security Gates, - GitLab;
, .
DevSecOps Positive Technologies
DevSecOps CI/CD- . , PT Application Inspector .
CI/CD- . (Developing), git-, GitLab CI (Unit-Testing + Building). (Deploying) (Functional Testing). Artifactory (Promoting), GUS FLUS- (Publishing GUS/FLUS). (Installing/Updating). (Collecting telemetry), (Monitoring) (User's feedback). .
Security- , , , . . , . , PT Application Inspector, — , . CI/CD- , MaxPatrol.SIEM - PT Application Firewall.
, DevSecOps, , , . - « » — . , , .
PT Application Inspector Positive Technologies
, . , , DevOps-, . . DevSecOps Positive Technologies.
DevSecOps-, CI- PT Application Inspector , , . , , ; -, DevSecOps- PT Application Inspector .
:
SAST/DAST/IAST- CI- , ( shift-left).
— . .
PT Application Inspector « », «» — CI- — , .
DevSecOps . PT Application Inspector DevSecOps, CI/CD-. Positive Technologies , , .
PT Application Inspector CI-
:
DevOps.BuildAgent —
Docker.Linux.AISA.Latest/TAG — - AISA,
AI.Agent —
AI.Server — PT Application Inspector
DevOps.GitLab —
DevOps.GitLab-CI — CI-
DevOps.Artifactory —
Docker.Registry — -
Docker.Linux.AISA — AISA ( - )
AI.Shell Agent — AISA, -, API PT Application Inspector
BuildAgent.Console —
WorkingDirectory — , ,
, . PT Application Inspector . GitLab CI. GitLab , AISA .
AISA — Application Inspector Shell Agent. API PT Application Inspector. AISA -, «» .
- AISA CI-, CI- DevOps-. docker registry Artifactory. - AISA.
CI-. :
:
— PT Application Inspector;
— .
:
— CI- AISA ( -).
:
— ;
— AISA.
CI-:
— GitLab CI;
— TeamCity;
— ( CLI AISA).
PT Application Inspector , - CI- .
PT Application Inspector
— , . , , () . , , . AISA. , , .
:
GitLab.
.
build-on-server, . — CI-. build-on-server , , CI- CI-.
AISA. .
.
, .
. , .
.
AISA- , .
Security Gates. Code Quality Status — 0, , 1, .
Code Quality Status 0, , . 1 , — .
Artifactory. .
Security Gates GitLab CI - GitLab. , .
:
, . , AISA GitLab CI.
, — PT Application Inspector , , . GitLab CI, downstream pipelines, . , , .
, , - GitLab, , , - , Security Gates ( Code Quality Gates SonarQube).
git. , -, - .
Security Gates:
, , Security Gates - GitLab.
Security Gates — , CI-, : - .
«» Artifactory — -BANNED , , Security Gates.
yaml-, :
threats mapping — GitLab ( ) PT Application Inspector ( ). , . , , GitLab Potential, Low, Medium Info.
security gates — . , - . , . , .
Security Gates . , . .
SonarQube GitLab — codequality. , -, , . , «» , legacy-, . , .
, , , -. , CI- AISA GitLab CI.
Security Gates:
, Security Gates, Code Quality Status 0 (Passed). - , GitLab ( ) . , , HTML- GitLab CI TeamCity, .
, Security Gates, — Code Quality Status 1 (Failed) - Draft .
, , , Security Gates , .
-: .
TeamCity -«», AISA-. HTML- TeamCity, (Tab reports), .
, TeamCity - GitLab.
, Security Gates — Code Quality Status — .
Security Gates:
, PT Application Inspector . , . , . GitLab CI.
CI- , . - , . .
— . , Security Gates -, .
, .gitlab-ci.yml .
Security Gates: Information mode
GitLab CI, (AI Information Mode).
, :
- (Unit tests);
(Build);
(Upload to registry).
GitLab CI gitlab-ci.yml include. :
(Start AI Scan);
AISA (AI-Scanning);
— (Send info);
— AISA (AI Scan Report);
Security Gates, — Code Quality Status (0, Passed / 1, Failed) — ;
(Send emails).
, -.
Security Gates: Lock mode
(AI Lock Mode) — . , (include) , , .
, : (running). , Security Gates - GitLab . , .
Security Gates: Strictest mode
, , (AI Strictest Mode) — . , , , (Approve build). , , Security Gates, , -. - (Draft).
, .
git Security Gates
git-flow :
master — ;
develop — -;
feature — ;
release — , .
- , . , - .
:
feature- (Information mode). - feature- develop . PT Application Inspector.
develop- (Strictest mode), Security Gates. . , - , .
release- (Lock mode) - master, develop.
master- (Information mode), , , , .
: Security Gates -
2021 . DevSecOps-. , Security Gates , , - Application Inspector .
Open Source dohq-ai-best-practices
GitLab CI TeamCity, PT Application Inspector Open Source dohq-ai-best-practices MIT-. :
-
-
Dockerfile AISA- Windows Linux.
-
DevOps
CI :
« : Continuous Integration» (2016)
« : Positive Technologies DevOps» (2017)
« -» (2018)
« : » (2019)
« : DevOps» (2020)
«DevSecOps: PT Application Inspector » (2020)
« DevOps Positive Technologies» (2021)
: — Positive Technologies. PT Application Inspector DevOps-, Open Source.
: — CI- . PT Application Inspector CI- Open Source.
DevSecOps . : , , , PT Application Inspector, , DevOps Positive Technologies PT Application Inspector , :)