Java SonarQube Integration

This repository is a Challenge for the DevOps Community to get stronger in DevOps. This challenge starts on the 27th January 2024 and in the next 90 Days we promise ourselves to become better at DevOps. The reason for making this Public is so that others can learn from the community and help each other grow.

I'm slowly migrating my articles from Medium to my own blog. Until then, you can see my all my articles at https://manumagalhaes.medium.com/

90DaysOfDevOps Practice and Example files

A framework for software security analysis, combining static, dynamic and fuzz testing.

This repository contains an intentionally vulnerable Python Flask application used to demonstrate various security testing tools and DevSecOps practices. WARNING: This application contains serious security vulnerabilities. DO NOT use in production!

Cross-platform security audit orchestrator (Bash/Python/PowerShell)

End-to-end Jenkins CI/CD pipeline with Docker, OWASP scanning, SonarQube analysis. AWS EKS deployment via ArgoCD with Prometheus/Grafana monitoring.

Universal K8s template – from local k3s to GKE Autopilot, with dev/staging/prod pipelines powered by Terraform, Helmfile, Argo CD, GitHub Actions, Devbox + Mise, and full security/observability tooling.

Go SDK for DevSecTools API.

TypeScript SDK for DevSecTools API.

FastAPI Demo project weather api kubernetes hello-world azure-devops github-actions fastapi tekton-pipelines

Infra-as-Code for Google Cloud generated using Claude Sonnet 4. Reviewed and continuing to work on. To be used as an open source template for smaller dev teams who could use a jump-start with creating a repeatable cloud environment. Please test and verify everything before pushing to production!!!

🛡️ Lightweight desktop code scanner — heuristics + local AI (StarCoder2‑3B), optional Trivy. Local‑first, MIT.

Container image scanner with CVE checks and CIS benchmarks for secure CI/CD.

The cep-backend project is a comprehensive solution for managing zip codes using cutting-edge technologies and modern development practices. Built primarily with Node.js and JavaScript, this project leverages various tools and platforms such as Docker, npm, MongoDB, Google Cloud Platform (GCP), SonarQube, Snyk, DevSecOps and Terraform.

Verify your app was signed correctly. The service also verifies that the app wasn’t tampered with in any way that may prevent it from running on any mobile device

Jenkins Pipeline, Java based application using Kubernetes, Maven, SonarQube, Docker, Trivy.