Inspiration

While working as a security engineer I have encountered problems installing the scanners and getting resources from DevOps. For example, installing SonarQube and ZAP and then getting them managed is a hassle; however, we only need these scanners on code changes for DevSecOps operations.

What it does

It leverages the Services module and runs SAST and DAST scanners in the pipeline itself. The generated report is sent to Slack and analysed with OpenAI, and then OpenAI suggests whether the change needs to be blocked or not.

How we built it

We built it with Python scripts and use services to run the scanners; the code is scanned accordingly.
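As an added example, not the project's own code, the following Python script shows the report-handling step described above: it parses a SAST report, decides whether the pipeline should block, and builds the Slack message that carries the findings and the AI commentary. It assumes the scanner emits SARIF 2.1.0 (an assumption; the page does not name the report format), that Slack is fed through an incoming-webhook JSON payload, and that the OpenAI text has already been obtained elsewhere and is passed in as a string. The sample report and the AI sentence are constructed for the example, and no network calls are made. One deliberate design choice that differs from the description: the block decision is a deterministic severity gate, and the model's verdict is attached as advisory text only, so that a wrong or manipulated model answer cannot unblock a critical finding.

```python
"""Added example (not the project's code): gate a CI job on a SAST report.

Assumptions: SARIF 2.1.0 input, Slack incoming-webhook payload, and any LLM
commentary supplied as plain text produced elsewhere. The report below is
constructed for the example; nothing here talks to the network.
"""
import json
from typing import Dict, List, Tuple

# SARIF "level" values, ranked so a threshold can be compared numerically.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample report: one blocking finding and one non-blocking one.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast"}},
        "results": [
            {"ruleId": "sql-injection", "level": "error",
             "message": {"text": "User input reaches SQL query"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "weak-hash", "level": "warning",
             "message": {"text": "MD5 used for checksum"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/util.py"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})


def parse_sarif(text: str) -> List[Dict]:
    """Flatten SARIF results into simple dicts; missing fields get defaults."""
    findings = []
    for run in json.loads(text).get("runs", []):
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId", "unknown"),
                "level": res.get("level", "warning"),
                "text": res.get("message", {}).get("text", ""),
                "file": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine", 0),
            })
    return findings


def decide_block(findings: List[Dict], threshold: str = "error") -> bool:
    """Deterministic gate: block when any finding is at or above the threshold.

    The LLM verdict is advisory only and cannot lower this decision, so a
    hallucinated or prompt-injected 'looks fine' inside finding text has no effect.
    """
    limit = LEVEL_RANK[threshold]
    return any(LEVEL_RANK.get(f["level"], 2) >= limit for f in findings)


def build_slack_payload(findings: List[Dict], blocked: bool, llm_summary: str) -> Dict:
    """Slack incoming-webhook body. llm_summary is whatever text the model
    returned (constructed in this example); it is quoted, never trusted."""
    lines = [f"*{'BLOCKED' if blocked else 'PASSED'}* - {len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"- [{f['level']}] {f['rule']} at {f['file']}:{f['line']} - {f['text']}")
    if llm_summary:
        lines.append(f"> AI note (advisory): {llm_summary}")
    return {"text": "\n".join(lines)}


def run_gate(sarif_text: str, llm_summary: str = "", threshold: str = "error") -> Tuple[bool, Dict]:
    """Parse, decide, and build the message; returns (blocked, slack_payload)."""
    findings = parse_sarif(sarif_text)
    blocked = decide_block(findings, threshold)
    return blocked, build_slack_payload(findings, blocked, llm_summary)


if __name__ == "__main__":
    # Constructed AI sentence standing in for the model's response.
    blocked, payload = run_gate(SAMPLE_SARIF, "SQL injection looks reachable; recommend blocking.")
    print(json.dumps(payload, indent=2))
    raise SystemExit(1 if blocked else 0)  # non-zero exit fails the CI job
```

The non-zero exit status is what makes the pipeline job fail; posting `payload` to the webhook URL is the only step left out, since it needs credentials and a network.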

Challenges we ran into

I started this code only a few hours ago, so I'm still working on the DAST one. SAST is done.

Accomplishments that we're proud of

This SAST scanner that I have built, I have run successfully on very heavy repositories. In the past I have built a DAST scanner on the same SOP and it is still securing 100s of repositories with no downfall.

What we learned

I was late, so my learning is to be aware of these types of hackathons.

What's next for Serverless AI DevSecOps

Adding DAST and other scanners and making it Lazy DevSecOps for security engineers.

Built With


Updates

posted an update

I will start working on it in an hour. Just signed up on GitLab for the first time in my life. GitLab is very cool. Now going through the documentation about how to create Components for the CI/CD Catalog.
