Ecquaria DevSecOps Stack

Securing the Entire Application Lifecycle with DevSecOps

Security is of utmost importance, especially when dealing with government systems and citizens' data. Ecquaria DevSecOps Stack bridges the gap between “fast deployment” and “security” by integrating security early into the automated, continuous deployment pipeline, creating trust and confidence by shifting left.

DevSecOps: Creating Trust and Confidence by Shifting Left

Security components such as infrastructure security, code analysis and vulnerability scans are shifted left. Instead of running these security scans just before deployment, the security practices are ingrained into earlier stages of the development lifecycle.

Secure by Design, Secure Coding Practices, Code Analysis and Vulnerability Scans are now part of the earlier stages of the development lifecycle. Security concerns are flagged early at the respective stages, facilitating faster and simpler rectification.

DevSecOps Optimised for Governments

Optimised for government, Ecquaria DevSecOps Stack spans across the Development Environment and Government Environment. The image can be auto-deployed into the Government Environment with the Ecquaria Docking Services (EDS) component of the stack.

Ecquaria DevSecOps Stack Key Components

Continuous Integration (CI) Pipeline

During development, when developers change the code or develop a new feature, the change goes through the Continuous Integration (CI) pipeline once the code is committed to the SCM repository based on Git.

The CI pipeline is an automated pipeline that is triggered to perform the build, scan, test and release process whenever code changes are committed to the SCM repository, hence the name Continuous Integration. Jenkins is used as the platform to manage and execute the CI pipeline.

  • Git-based Source Code Repository

  • 3rd-Party Library Repository

  • Static Code Scan with SonarQube

  • Jenkins CI Management

  • Graphical Analysis of Scans and Checks

  • Software Composition Analysis

  • Automated Functional Testing

  • Dynamic Application Security Test

  • Quality Assurance (QA) Gate

  • Release Gate

  • Deployment Management

Continuous Deployment (CD) Pipeline

Once the build artefacts have been promoted and tagged for release to the respective environments, the Deployment Manager can then deploy to the target environment. Instead of the usual deployment that consists of numerous steps and configurations, deployment is automated using EDS, a tool for managing deployment.

EDS executes the deployment tasks defined in the Deployment Descriptor attached to the build to automatically deploy the new Docker images and other environmental changes. It simplifies operations, reduces deployment risks, detects problems early and handles the spikes in load – all automatically.

One-Click Deployment – Reducing Deployment Risks with Automation

One-Click Deployment with EDS - Screenshot

Day 2 Operations

Upon successful deployment to the various environments, we now move to the operations and maintenance phase of the life cycle. In this phase, EDS is also used for monitoring and managing application services deployed in the environment.

Application services can be individually monitored, scaled in/out, shut down, restarted or updated using EDS, among other operations.

It also has integrated dashboards for server/container resource monitoring as well as regular checking of the health status of the application services running in the environment. Services can also be configured for unattended auto-scaling based on predefined CPU or memory thresholds. This is useful for use cases where the workload can be unpredictable.

Detecting Problems Early with Monitoring

There is a lot to monitor and manage with the explosion of microservices and containers. With EDS, you can now monitor the status and health of all the individual microservices and the application as a whole to detect anomalies and resolve them early.

Node Level Monitoring

Container Level Monitoring

Service Health Monitoring

Container Health Monitoring

Handling Spikes in Load with Auto Scaling

Unpredicted load spikes should not surprise us. EDS monitors the application at both the node cluster and service level and autoscales resources when required. This provides sufficient resources to handle a sudden increase in load, ensuring that your customer is always satisfied.
