IBM DevSecOps Reference Implementation - CI Pipeline¶
The CI pipelines (one for backend, one for frontend) build and push the images and run various security and code tests. Only if all checks pass, the application can be deployed to production via the CD pipelines. This assures that new versions can be deployed at any time based on business (not technical) decisions.
Overview:
- Build and push images
- Run various security checks (secret detection, image vulnerabilities, compliance)
- Run various code tests (unit tests, acceptance tests)
- Deploy services to integration/testing Kubernetes namespaces or OpenShift projects
Step 1: The CI pipeline is triggered automatically after the pull request has been merged.¶
Step 2: The CI pipeline reads the configuration.¶
Step 3: The image is built and pushed.¶
Step 4: The backend container is deployed to an integration/testing Kubernetes namespace or OpenShift project.¶
Step 5: The status can be monitored in IBM DevOps Insights.¶
Step 6: The latest successful version is stored in the inventory repo.¶
Step 7: Evidence is collected in the evidence repo¶
Step 8: If the pipeline run has been successful, no issues are created in the compliance issues repo.¶
