Security: DevCloudNinjas/DevOps-Projects

Security Policy

Supported Versions

Currently, the main branch of devops-projects is the only supported version.

Version   Supported
main      Yes

Reporting a Vulnerability

If you discover a security vulnerability within this repository, please do not disclose it publicly.

Instead, please send an email to the repository owner or open a private security advisory via GitHub. We will address the issue as promptly as possible.

Security Tools Used in this Repository

This repository serves as a learning resource and implements modern DevSecOps practices. We heavily feature the following free security tools that students can use in their own projects:

  • TruffleHog: Scans for exposed secrets, passwords, and API keys.
  • Trivy: A comprehensive and versatile security scanner for containers, Infrastructure as Code (IaC), and software dependencies.
  • SonarQube Community: Used for static application security testing (SAST) and code quality analysis.
  • Checkov: Static code analysis tool for infrastructure-as-code.
  • Super-Linter: GitHub's versatile linting framework.

There aren’t any published security advisories