$30
# DevSecOps Pipeline with GitHub Actions
In 2019, GitHub released its own CI tool called [GitHub Actions](https://github.com/features/actions). According to GitHub, the feature helps developers automate tasks within the software development life cycle. Workflows are event-driven, meaning that after a specified event has occurred, the developer can trigger one or more commands to run on their repository. One advantage of GHA is that developers do not need a separate CI tool since GHA runs directly from GitHub, where the project code is generally located.
The goal for this project is to create a proper DevSecOps pipeline with multiple open source and free tools integrated with one single GitHub Action automation. There is a sample below that you can use to jumpstart your project, but please add at least 3 more tools into the pipeline if you are leveraging the sample. Suggestions: Image Scanning, Unit Testing, Load Testing, Secrets Scanning, Signing, and Validation, etc.
The student would need to have a basic understanding of the following topics to be successful on this project:
* Linux
* YAML
* GitHub Actions
[https://www.trendmicro.com/vinfo/in/security/news/cybercrime-and-digital-threats/github-action-runners-analyzing-the-environment-and-security-in-action](https://www.trendmicro.com/vinfo/in/security/news/cybercrime-and-digital-threats/github-action-runners-analyzing-the-environment-and-security-in-action)
[https://docs.github.com/en/actions](https://docs.github.com/en/actions)
[https://github.com/magnologan/gha-devsecops](https://github.com/magnologan/gha-devsecops)