Skip to content

devsecblueprint/gcp-devsecops-pipeline

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
.github/workflows
.github/workflows
 
 
assets
assets
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

GCP DevSecOps Pipeline

License Terraform Cloud GitHub Issues GitHub Forks GitHub Stars GitHub Last Commit CI Status

This project provides an opinionated DevSecOps pipeline for Google Cloud Platform (GCP), built with Terraform and GitHub Actions. It integrates security best practices into the software development lifecycle to ensure secure, automated infrastructure deployments.

🧱 Project Structure

gcp-devsecops-pipeline/
├── .github/workflows/             # CI/CD pipelines using GitHub Actions
│   ├── default.yml                # Default pipeline for miscellaneous jobs
│   ├── terraform-apply.yml        # Runs Terraform apply operations
│   └── terraform-linter.yml       # Lints Terraform code for best practices
├── assets/                        # Diagrams and visual assets
│   └── infra_architecture.drawio.svg
├── terraform/                     # Main Terraform configuration for GCP
│   ├── data.tf
│   ├── main.tf
│   ├── provider.tf
│   ├── variables.tf
│   └── modules/
│       └── pipelines/             # Reusable Terraform modules
│           ├── main.tf
│           └── variable.tf
├── LICENSE                        # Project license
├── .gitignore                     # Git ignored files
└── README.md                      # Project documentation

🚀 Features

  • Infrastructure as Code (IaC): Uses Terraform to define and manage infrastructure in GCP.
  • Modular Design: Core infrastructure and pipeline logic are separated into reusable modules.
  • Security-first Pipelines: GitHub Actions workflows include a Terraform linter and secure deployment workflow.
  • Visual Architecture Diagram: A visual reference of the infrastructure is provided under assets/.

⚙️ Getting Started

  1. Clone the repository

    git clone https://github.com/<your-org>/gcp-devsecops-pipeline.git
cd gcp-devsecops-pipeline

  2. Initialize and apply Terraform

    cd terraform
terraform init
terraform plan
terraform apply

  3. Review GitHub Workflows

    • Customize .github/workflows/terraform-apply.yml and .github/workflows/terraform-linter.yml as needed for your environment.

📌 Prerequisites

🛡️ Security Considerations

  • Secrets must be stored securely using GitHub repository secrets.
  • Terraform linting helps enforce security standards pre-deployment.
  • Diagrams and modularization promote clarity and maintainability in infrastructure design.

📄 License

This project is licensed under the terms of the LICENSE file.

About

GCP DevSecOps Pipeline with Terraform

Topics

terraform gcp devsecops

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages