apcj-f5/nap-devsecops-demo

Security in CI/CD pipelines with NGINX App Protect

Project Status: Active – The project has reached a stable, usable state and is being actively developed.

[hapi.f5labs.dev - ZAP Baseline Scan](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"hapi OWASP+ZAP+Baseline+Scan"+in:title) [hapi.f5labs.dev - ZAP Full Scan](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"hapi OWASP+ZAP+Full+Scan"+in:title) [hapi.f5labs.dev - ZAP API Scan](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"hapi OWASP+ZAP+API+Scan"+in:title)
[bank.f5labs.dev - ZAP Baseline Scan](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"bank OWASP+ZAP+Baseline+Scan"+in:title) [bank.f5labs.dev - ZAP Full Scan](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"bank OWASP+ZAP+Full+Scan"+in:title)
[gql.f5labs.dev - ZAP Baseline Scan](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"gql OWASP+ZAP+Baseline+Scan"+in:title) [gql.f5labs.dev - ZAP Full Scan](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"gql OWASP+ZAP+Full+Scan"+in:title)

Maintainers: @shsingh @leonseng

This repository hosts files that demonstrate using F5 security solutions (NGINX App Protect, NGINX App Protect DoS, F5 Distributed Cloud) for post-deployment security in application CI/CD pipelines.

Integrating security into post-deployment processes as part of Continuous Delivery/Continuous Deployment ensures that applications have proper controls at runtime and can also be checked for compliance.

Repository Information

This repository aims to follow recommended security practices for open source software and contains the following:

Reference Implementation

The reference implementation uses the HAPI FHIR application. The application provides an example API gateway for digital health use cases. Source code for the application is in the apps directory.

Pipeline details


Getting started

  1. Clone or fork the repository
  2. Ensure pre-commit is installed

         local-repo-dir# pre-commit install
         local-repo-dir# pre-commit run --all-files

  3. Any commits from now on will run the pre-commit hooks

Additional information