DevSecOps Studio is a one-of-a-kind, self-contained DevSecOps environment/distribution to help individuals learn DevSecOps concepts. It takes a lot of effort to set up the environment for training/demos and, more often than not, it is error-prone when done manually. DevSecOps Studio is easy to get started with, mostly automatic and battle-tested during our Practical DevSecOps Courses at
The DevSecOps Studio project aims to reduce the time needed to bootstrap the environment and to help you concentrate on learning/teaching DevSecOps practices, with the following features.
- Easy to set up the environment with just one command, “vagrant up”
- Teaches Security as Code, Compliance as Code, Infrastructure as Code
- With built-in support for CI/CD pipeline
- OS hardening using ansible
- Compliance as code using Inspec
- QA security using ZAP, BDD-Security and Gauntlt
- Static tools like bandit, brakeman, findbugs, gitrob, gitsecrets
- Security Monitoring using ELK stack.
- Summary of setup
- Dependencies
- DevSecOps Studio Installation
- What's included in the environment
- How to use the setup
- Todo Features
- Contribution guidelines
- Who do I talk to?
Install Vagrant, VirtualBox and Ansible, then follow the steps below.
# Download the code
$ git clone && cd DevSecOps-Studio
# Download the ansible dependency roles
$ ansible-galaxy install -r requirements.yml -p provisioning/roles
# Setup the environment, takes an hour or less based on your internet speed.
$ vagrant up
Go grab some coffee while DevSecOps Studio does its job.
Yes, that's it, you just set up an entire DevSecOps environment with three commands :)
Go ahead and read Practical DevSecOps Lessons on the wiki
DevSecOps Studio uses Vagrant, VirtualBox and Ansible to set up the lab environment. You can visit each vendor's website to download the above software for Windows/Linux/macOS.
DevSecOps Studio simulates the environment presented below.
- At least 4GB of RAM for the virtual machines.
- 60GB of HDD Space.
- Intel i3 Processor or above.
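A pre-flight check for the tools and hardware requirements listed above, as an added example (not part of the DevSecOps Studio repository). The function names, the `--check` flag, the slack on the RAM threshold and the use of `$HOME` as the disk location are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `vagrant up`.
# Tool list and thresholds follow the page; function names are hypothetical.

REQUIRED_TOOLS="git vagrant VBoxManage ansible ansible-galaxy"
MIN_RAM_MB=3800   # page asks for 4 GB; a 4 GB host reports a little less (assumed slack)
MIN_DISK_GB=60    # page asks for 60 GB of disk space

# Print every required command that is not on PATH, one per line.
missing_tools() {
    for tool in $REQUIRED_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# meets_minimum ACTUAL REQUIRED: 0 if ACTUAL >= REQUIRED, 1 if not, 2 on non-numeric input.
meets_minimum() {
    for n in "$1" "$2"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$1" -ge "$2" ]
}

total_ram_mb() {
    if [ -r /proc/meminfo ]; then                        # Linux
        awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo
    else                                                 # macOS
        echo $(( $(sysctl -n hw.memsize) / 1024 / 1024 ))
    fi
}

# Free space in GB on the filesystem holding the given path.
free_disk_gb() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1024 / 1024) }'
}

preflight() {
    status=0
    missing=$(missing_tools | tr '\n' ' ')
    [ -z "$missing" ] || { echo "missing tools: $missing"; status=1; }
    meets_minimum "$(total_ram_mb)" "$MIN_RAM_MB" || { echo "under 4 GB of RAM"; status=1; }
    # Assumption: VirtualBox disks and Vagrant boxes live under $HOME (the defaults).
    meets_minimum "$(free_disk_gb "$HOME")" "$MIN_DISK_GB" || { echo "under 60 GB free in $HOME"; status=1; }
    return "$status"
}

# Only run the checks when asked to, e.g. `sh preflight.sh --check`.
if [ "${1:-}" = "--check" ]; then
    preflight || exit 1
fi
```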
Prerequisites can also be installed via Homebrew on macOS.
Homebrew (optional):
/usr/bin/ruby -e "$(curl -fsSL"
brew install --cask vagrant
brew install --cask virtualbox
brew install ansible
Curl installation (requires root privileges to install tools)
curl -O && chmod +x && ./;
Install dependencies using apt-get
sudo sh -c 'echo "deb xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'
wget -q -O- | sudo apt-key add -
sudo apt update
sudo apt install virtualbox
# Looks like vagrant doesn't play nicely if you install with apt
sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb
sudo apt-get install python3 python3-pip
pip3 install ansible
The easiest solution for Windows users is to use the DevSecOps Studio VirtualBox Appliance.
Download DevSecOps-Studio Appliance (4.45 GB) from this link - NOT MAINTAINED.
Import the above Appliance by following these steps
Alternatively, installation can be done using Chocolatey by opening a command prompt and running the following command.
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString(''))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"
Install dependencies using choco
choco install vagrant virtualbox git -y
Install ansible via pip
Installing Ansible on Windows is not straightforward; please follow these instructions to install Cygwin and then install Ansible.
choco install python3 -y #Installs python 3, includes pip under scripts folder of python3x
pip install ansible
Clone this repo or download the zip
$ git clone
Change into the directory and check which boxes are available.
$ cd DevSecOps-Studio && vagrant status
Download the required Ansible dependencies.
$ ansible-galaxy install -r requirements.yml
Ensure the latest version of Vagrant is installed on your machine.
Edit the machines.yml file to make any changes; if you are not sure, please leave it as default. Meanwhile, go grab some coffee to enjoy :)
vagrant up
You can see how it all fits into the DevSecOps pipeline by reading our wiki.
The environment contains the following tools used in different stages of DevSecOps.
| Technology | Tools |
|---|---|
| PenTest Toolkit | Nmap, Metasploit |
| Static Analysis Tools | Brakeman, bandit, findbugs |
| Dynamic Analysis Tools | ZAP proxy, Gauntlt |
| Hardening | DevSec Ansible OS Hardening |
| Compliance | Inspec |
| Operating System | Ubuntu Xenial (16.04) |
| Programming Languages | Java, Python 3, Ruby/Rails |
| Container Technology | Docker |
| Source Code Management | Gitlab (github like system) |
| CI Server | Gitlab CI/Jenkins |
| Configuration Management | Ansible |
| Monitoring and Log management | Elastic Search, LogStash and Kibana |
| Cloud Provider Utilities | AWS CLI |
| Utilities | Git, Vim, curl, wget |
- Provision the stack on AWS using vagrant.
- Build Images using Packer and upload to vagrant cloud.
- Add Ansible Testing using molecule.
- Add Container scanning using clair.
- Add Inspec for compliance.
- Fork this repo.
- Contribute (documentation/features)
- Raise a Pull Request (PR)
DevSecOps Studio uses some of the ansible roles from Jeff
- If you have any questions regarding this repo, please contact Mohammed A. Imran @secfigo and Raghunath G @raghunath24