7

A Practical Pipeline for Technical Release Managers

This chapter is a little different from the rest of this book. It shows you how to build a Docker image containing a simple web application that deploys to AWS ECS using GitHub Actions.

The testing involved in this exercise includes HTML scanning, NodeJS scanning, credential scanning, and dependency scanning. In addition to static application security testing (SAST), the pipeline uses OWASP ZAProxy, a dynamic application security scanner. Together, these quality checks ensure the proper implementation of the Document Object Model (DOM), check for known vulnerabilities in the code, and actively check for security vulnerabilities in the ...

Get Embracing DevOps Release Management now with the O’Reilly learning platform.