This repo contains a simple FastAPI application used to demonstrate a DevSecOps pipeline. The pipeline is built with GitHub Actions and Azure DevOps, and uses the following tools:
- SonarCloud for static code analysis and code coverage
- Trivy for container image scanning
- OWASP ZAP for dynamic application security testing (DAST)
- Checkov for infrastructure as code (IaC) scanning
- Argo CD for GitOps deployment of the application
- Kubernetes for container orchestration
- Google Kubernetes Engine for managed Kubernetes clusters
- Argo Rollouts for progressive delivery of the application (canary deployments)