Ecquaria DevSecOps Stack
Securing the Entire Application Lifecycle with DevSecOps
Security is of utmost importance, especially when dealing with government systems and citizens' data. Ecquaria DevSecOps Stack bridges the gap between “fast deployment” and “security” by integrating security early into the automated, continuous deployment pipeline, creating trust and confidence by shifting left.
DevSecOps: Creating Trust and Confidence by Shifting Left
Security components such as infrastructure security, code analysis and vulnerability scans are shifted left. Instead of running these security scans just before deployment, the security practices are ingrained into earlier stages of the development lifecycle.
Secure by Design, Secure Coding Practices, Code Analysis and Vulnerability Scans are now part of the earlier stages of the development lifecycle. Security concerns are flagged early at the respective stages, facilitating faster and simpler rectification.
DevSecOps Optimised for Governments
Optimised for government, Ecquaria DevSecOps Stack spans the Development Environment and the Government Environment. The image can be auto-deployed into the Government Environment with the Ecquaria Docking Services (EDS) component of the stack.
Ecquaria DevSecOps Stack Key Components
Continuous Integration (CI) Pipeline
During development, when developers change the code or develop a new feature, the change goes through the Continuous Integration (CI) pipeline once it is committed to the Git-based SCM repository.
The CI pipeline is an automated pipeline that is triggered whenever code changes are committed to the SCM repository, and performs the build, scan, test and release process, hence the name Continuous Integration. Jenkins is used as the platform to manage and execute the CI pipeline.
Git-based Source Code Repository
3rd-Party Library Repository
Static Code Scan with SonarQube
Jenkins CI Management
Graphical Analysis of Scans and Checks
Software Composition Analysis
Automated Functional Testing
Dynamic Application Security Test
Quality Assurance (QA) Gate
Continuous Deployment (CD) Pipeline
Once the build artefacts have been promoted and tagged for release to the respective environments, the Deployment Manager can deploy them to the target environment. Instead of the usual deployment that consists of numerous steps and configurations, deployment is automated using EDS, a tool for managing deployment.
EDS executes the deployment tasks defined in the Deployment Descriptor attached to the build to automatically deploy the new Docker images and other environmental changes. It simplifies operations, reduces deployment risks, detects problems early and handles spikes in load – all automatically.
One-Click Deployment – Reducing Deployment Risks with Automation
Day 2 Operations
Upon successful deployment to the various environments, we now move to the operations and maintenance phase of the life cycle. In this phase, EDS is also used for monitoring and managing application services deployed in the environment.
Application services can be individually monitored, scaled in/out, shut down, restarted or updated using EDS, among other operations.
It also has integrated dashboards for server/container resource monitoring as well as regular checking of the health status of the application services running in the environment. Services can also be configured for unattended auto-scaling based on predefined CPU or memory thresholds. This is useful for use cases where the workload can be unpredictable.
Detecting Problems Early with Monitoring
There is a lot to monitor and manage with the explosion of microservices and containers. With EDS, you can now monitor the status and health of all the individual microservices and the application as a whole to detect anomalies and resolve them early.
Node Level Monitoring
Container Level Monitoring
Service Health Monitoring
Container Health Monitoring
Handling Spikes in Load with Auto Scaling
Unpredicted load spikes should not surprise us. EDS monitors the application at both the node cluster and service level and autoscales resources when required. This provides sufficient resources to handle a sudden increase in load, ensuring that your customer is always satisfied.