A Practical Pipeline for Technical Release Managers
This chapter will be a little different from the rest of this book. In this chapter, you will be shown how to build a docker image containing a simple web application that deploys to AWS ECS using GitHub Actions.
The testing that’s involved with this exercise includes HTML scanning, NodeJS scanning, credential scanning, and dependency scanning. In addition to static application security testing (SAST), the pipeline features the use of OWASP ZAProxy, a dynamic application security scanner. Together, these quality checks ensure the proper implementation of the Document Object Model (DOM), checking for known vulnerabilities in the code, and actively checking for security vulnerabilities in the deployed application in the cloud.
The strategy to accomplish this will be broken down into two parts. First, you will be shown how to provision the necessary ECS infrastructure. Second, you will be shown how to configure the GitHub...
