Solution Overview

This lab demonstrates a day in the life of a developer, testing and deploying code with a secure DevSecOps framework consisting of GitLab Enterprise, HashiCorp Vault Enterprise and HashiCorp Terraform Enterprise. This DevSecOps pipeline driven by GitLab CI/CD utilizes its built-in security features such as Container scanning, static application security testing (SAST) and secrets scanning. OSCAP STIG scan is available through the pipeline security testing stage and all reports are available through the Gitlab security dashboard for every run of the pipeline.

HashiCorp Vault Enterprise is used as a centralized secrets management solution, integrates with Gitlab over JWT authentication and provides a secure secret store for the sensitive pipeline variables. HashiCorp Terraform Enterprise provides the automation to deploy the infrastructure following the industry's best practices for Infrastructure as Code (IaC). Terraform Enterprise's Sentinel policy and governance framework provides the guard rails around the infrastructure provisioning following policy as a code (PaC) approach.

Lab Diagram