DevOps tries to ensure that all teams involved (dev, ops, security, etc.) collaborate effectively. In this day and age of multiple deployments per day, security often becomes a bottleneck. Our solution aims to help dev teams incorporate security into every piece of the puzzle so that security issues are found and dealt with early.
To start with, we will help fix the provisioning phase. We are proposing a simple level-based approach to securing servers while they are being provisioned. The advantage of doing this here is twofold. First, we may have test servers on the internet with security in place (because they contain our code and configuration). Second, the business features etc. of the application will be working with all the security already in place. This ensures that there are no surprises when the build goes to stage and prod.
Once the above is complete, we will attempt to work on incorporating security into the other stages of the process (deployment and build being the priority).
We would like to have 3 levels of hardening for the provisioning of servers. Each level can be mapped to a role.
@makash and @jubbaonjeans
We would love to see contributions and improvements, so please fork this repository on GitHub and send us your changes via pull requests.