一座已落成的思維展演，而非一個持續演進的開源社群專案。 其核心，是在 25 天業餘時間，由人機協作極限衝刺而成的整合實驗；一份，將「詩意、思想與技術」，連同其完整的「程式碼、架構圖、設計決策(ADRs)、開發檢討(AARs)及測試報告」，融合成一體的概念驗證 (POC) 作品。 它，亦是，本工坊五大作品中的「第一基石」。 本專案，已被，完整地，在此，封存於 2025 年 10 月 30 日。

This repository showcases a complete CI/CD pipeline built with Jenkins to enforce DevSecOps principles. It automates every step from code checkout to deployment, integrating SonarCloud for static code analysis, Snyk for dependency scanning, and Slack for notifications.

Verify your app was signed correctly. The service also verifies that the app wasn’t tampered with in any way that may prevent it from running on any mobile device

Java SonarQube Integration

A framework for software security analysis, combining static, dynamic and fuzz testing.

A hands-on lab demonstrating the architectural evolution of a Spring Boot application from a secure monolith to a fully observable, distributed system using modern DevSecOps practices.

Plugin for SDP that enables a Jenkinsfile definition to be declared in one location for an entire repo or organization

Learn DevSecOps with this Demo Application.

Sample Web App with Maven and Jenkins for DevSecOps CI-CD Demo

Intentionally vulnerable repository for demonstration of reachability features

maven pipeline

SecuSphere Jenkins Plugin

Secure delivery tracking system with Spring Boot, React, Docker, and CI/CD via GitHub Actions, featuring integrated DevSecOps tools and JWT authentication.

Reference Implementation about Open Liberty. Build and Deploy API to Azure Kubernetes Services based on DevSecOps Practices

Automated security checks (secrets, dependencies, code, containers)🛡️

Full CI/CD pipelines for employee management application, a Java-based dynamic web application with a database

Mantenimiento de Tipode Cambio (Backend-SpringBoot-JPA-Oracle)