Who are we hacking with?

We are hacking with thee open source mentorship to unblock common use cases for enterprise DevSecOps workflows. Fellows are looking to pair with you to get hands on experience with SDLC architecture.

What are we hacking on?

GMT20230413-190412_Recording_3840x2160.mp4

• 2-3 Batch Tasks from the Technical Tracks (Track is first bullet, batch is indented bullet)
• Exit criteria: Rough Draft PR

We’ll build out keys and create issues for them. Here’s a reference for building answer keys

Color coded for: First priority, Second Priority, Nice to have

• Auth - OIDC + IAM Setup in AWS
  • OIDC only
    • CloudFormation template for IAM roles
    • Terraform template
    • OAuth?
  • Documentation
    • How to get this running
    • What did the teams do (What worked well/common questions that came up)
  • Git “Ops” reviewing PRs, etc
  • Access Analyser validating with IAM: Policy validations (CLI tool for cloud formation) and terraform )
• CI
  • Build
  • Build Container
  • Push to ECR
  • Trigger ECR Scan
  • Compliance Security Hardening: GHAS/Lint Scan
• CD Team
  • Deploy to ECS/Fargate (serverless do you want to do kubectl or align it to EKS)
  • Deploy to EKS Cluster

What resources will I have day of?

• Reusable workflow template: 80% of the work is done, we just have to connect it to the app’s stack
• AWS Account/Codespaces for environment set up in minutes
• Fork branch from this repo for each track