一座已落成的思維展演，而非一個持續演進的開源社群專案。 其核心，是在 25 天業餘時間，由人機協作極限衝刺而成的整合實驗；一份，將「詩意、思想與技術」，連同其完整的「程式碼、架構圖、設計決策(ADRs)、開發檢討(AARs)及測試報告」，融合成一體的概念驗證 (POC) 作品。 它，亦是，本工坊五大作品中的「第一基石」。 本專案，已被，完整地，在此，封存於 2025 年 10 月 30 日。

TFM: Challenges in DevSecOps, DevSecOps best practices

This repository showcases a complete CI/CD pipeline built with Jenkins to enforce DevSecOps principles. It automates every step from code checkout to deployment, integrating SonarCloud for static code analysis, Snyk for dependency scanning, and Slack for notifications.

Verify your app was signed correctly. The service also verifies that the app wasn’t tampered with in any way that may prevent it from running on any mobile device

Java SonarQube Integration

A hands-on lab demonstrating the architectural evolution of a Spring Boot application from a secure monolith to a fully observable, distributed system using modern DevSecOps practices.

Sample Secure Pipeline with GithHub Actions - Ideal for Open Source Projects

SBOMaster: A SBOM Enhanced DevSecOps Pipeline Framework

Майнд-карта для совместного структурирования проблем с безопасностью веб-приложений и подборки решений для них.

Материалы к вебинару «Обнаружение Log4shell в CI/CD с помощью GitLab».

Sample Web App with Maven and Jenkins for DevSecOps CI-CD Demo

Intentionally vulnerable repository for demonstration of reachability features

SecuSphere Jenkins Plugin

Secure delivery tracking system with Spring Boot, React, Docker, and CI/CD via GitHub Actions, featuring integrated DevSecOps tools and JWT authentication.

Eureka Server for service discovery

maven pipeline

DevSecOps tool to show different interactive maturity models for topics like security, devops, devsecops, agile.

Reference Implementation about Open Liberty. Build and Deploy API to Azure Kubernetes Services based on DevSecOps Practices