@devsecfranklin
Last active October 4, 2021 19:28

Demo Outline

In this quick demo we will take a look at a "Cloud Native" and security-focused lab in GCP.

You can click here to see the reference diagram for the demo.

A Bit About "On Boarding"

  • cloudbot-call.yml file is added to repo as a GH action
  • GCP creds are added to the Settings for the repo.
  • A webhook is created for calls to the Tekton endpoint when commits are made to the repo.

Making a Code Change

Let's consider what happens when a code change is committed to a GH repository. First, we will see this from the "GitHub user" perspective.

  • Make a pull request on the ps-automation repo
    • alter the "top level" Dockerfile so BC will trigger some alerts.
    • note the bot writing a message to the PR. The bot could be modified to do all sorts of actions.
    • Observe the Tekton pipeline writing results to the PR as a comment
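The webhook in the on-boarding steps and the PR flow above both hinge on the Tekton endpoint only acting on deliveries that really came from GitHub. As an added illustration (not code from this gist or the ps-automation repo), here is a small Python relay check: it validates the X-Hub-Signature-256 HMAC that GitHub computes with the webhook secret and forwards only pull_request events that open or update a PR. The secret, sample payload and function names are constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample values for the example; a real relay reads the secret
# from the function's configuration and the body/headers from the request.
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = (
    b'{"action":"opened","number":7,'
    b'"repository":{"full_name":"org/ps-automation"},'
    b'"pull_request":{"head":{"sha":"abc123"}}}'
)


def sign_payload(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256: 'sha256=' + HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_github_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Accept the delivery only if the header matches a fresh HMAC over the exact raw body."""
    if not header or not header.startswith("sha256="):
        return False
    # compare_digest avoids leaking where the two strings first differ
    return hmac.compare_digest(sign_payload(secret, body), header)


def accept_delivery(secret: bytes, body: bytes, headers: dict) -> Optional[dict]:
    """Return the fields a pipeline run needs, or None if the delivery must be dropped.

    Signature is checked before the body is parsed, so unsigned or tampered
    JSON never reaches json.loads. Only pull_request events whose action
    creates or updates the PR are forwarded, matching the demo's PR-driven flow.
    """
    if not verify_github_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return None
    if headers.get("X-GitHub-Event") != "pull_request":
        return None
    payload = json.loads(body)
    if payload.get("action") not in {"opened", "synchronize", "reopened"}:
        return None
    pr = payload["pull_request"]
    return {
        "repo": payload["repository"]["full_name"],
        "pr_number": payload["number"],
        "head_sha": pr["head"]["sha"],
    }
```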

A quick look at the Cloud Function

  • We can see the code for the bot in GCP.
  • We can view the logs.
  • All of this was automated via Terraform but there are many ways.
  • Consider the Cloud Code extension for VSCode.

Getting the Container from GCR

The container is passed to gcr.io for storage by the Kaniko task in Tekton.