Skip to content

SunainM/DevSecOps

BranchesTags

Repository files navigation

DevSecOps Inventory Manager

This project is a Node.js/Express-based Inventory Manager application that demonstrates a complete DevSecOps CI/CD pipeline. The application provides a display page for users and an admin page to manage inventory items. It is fully automated with a Jenkins pipeline that covers build, test, code quality checks, security scans, deployment, release packaging, and monitoring.

Features

  • Inventory Manager App with user display and admin management page.
  • Backend built with Node.js and Express.js (server.js, app.js).
  • RESTful API endpoints for managing items.
  • Unit tests written in Jest for functionality verification.
  • Dockerized application for consistent deployments.
  • Continuous Integration/Delivery pipeline with Jenkins.
  • Monitoring & observability integrated via New Relic APM.

CI/CD Pipeline Overview

The Jenkins pipeline is defined in the Jenkinsfile and consists of 7 stages:

  1. Build – Install Node.js dependencies with npm ci to ensure a clean build.
    Tools: Node.js, npm

  2. Test – Run Jest unit tests and publish results to Jenkins using JUnit reports.
    Tools: Jest, Jenkins JUnit plugin

  3. Code Quality – Perform static code analysis with SonarQube/SonarCloud and enforce a quality gate.
    Tools: SonarQube, Sonar Scanner

  4. Security – Scan for dependency vulnerabilities using npm audit.
    Tools: npm audit (optionally Snyk/Trivy)

  5. Deployment – Build Docker image and deploy to AWS EC2 using CodeDeploy.
    Tools: Docker, AWS CodeDeploy, EC2

  6. Release – Package artifacts (ZIP) and archive them in Jenkins for rollback or reuse.
    Tools: Jenkins archiveArtifacts, zip

  7. Monitoring – Integrate with New Relic APM to track metrics, throughput, error rate, and deployment markers.
    Tools: New Relic APM

Technologies Used

  • Node.js & Express.js – Backend server & API
  • HTML/JavaScript – Front-end pages (index.html, admin.html)
  • Jest – Unit testing framework
  • SonarQube/SonarCloud – Static code quality analysis
  • npm audit – Dependency vulnerability scanning
  • Docker – Containerization for consistent builds
  • AWS EC2 & CodeDeploy – Cloud deployment
  • New Relic APM – Application performance monitoring

Getting Started

Clone the Repository

git clone https://github.com/SunainM/DevSecOps.git
cd DevSecOps

Install Dependencies

npm ci

Run Locally

node server.js

Visit: http://localhost:3000 Health check endpoint: http://localhost:3000/health

Run Tests

npm test

Deployment

  1. Docker Build:

    docker build -t devsecops-inventory .
docker run -d -p 3000:3000 devsecops-inventory

  2. AWS CodeDeploy:

    • The pipeline deploys the Dockerized app to an EC2 instance.
    • Ensure IAM roles, CodeDeploy agent, and Jenkins AWS credentials are configured.

Monitoring

New Relic APM is used to monitor:

  • Response times
  • Throughput
  • Error rates
  • Deployment markers

Set these environment variables before running:

export NEW_RELIC_LICENSE_KEY=<your-key>
export NEW_RELIC_APP_NAME=DevSecOps-Inventory

Repository Links

  • Jenkinsfile: View
  • Dockerfile: View
  • Sonar Project Config: View

Author

Sunain Mushtaq Computer Science Student – Deakin University SIT223/753 – DevSecOps Project

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages