WGU D490 MSCIA Graduate Capstone Task 3
CI/CD Pipeline Security for Cloud-Native Applications in AWS
STUDENT
College of IT, Western Governors University
MSCIA Graduate Capstone Task 3
December 1, 2024
A. Policies Adopted as a Result of the Project
1. Cybersecurity Decision-Making Improvement: The solution emphasizes shifting security left, embedding security practices early in the development process. This approach allows developers and security teams to identify and address vulnerabilities before they reach production, minimizing the risk of breaches. Automated tools (SAST, DAST, and SCA) integrated within the CI/CD pipeline ensure that decision-making is driven by real-time, continuous insights into the security posture. This real-time feedback loop empowers teams to make more informed, faster cybersecurity decisions.
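As an added illustration of the shift-left gate described above (example code written for this edit, not part of the capstone solution), the following script consumes a constructed Checkov-style JSON report and blocks the deploy stage unless every failed IaC check is covered by an unexpired waiver; the report layout, check IDs and waiver list are assumptions.

```python
"""Shift-left deploy gate over Checkov IaC scan results.

Added example for this section; not code from the capstone document.
Assumes Checkov's JSON report layout (results.failed_checks list) and uses
a constructed, abridged sample report. Check IDs are illustrative.
"""
import json
from datetime import date

# Constructed sample shaped like `checkov -o json` output (abridged).
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [{"check_id": "CKV_AWS_18", "resource": "aws_s3_bucket.logs"}],
        "failed_checks": [
            {"check_id": "CKV_AWS_19", "resource": "aws_s3_bucket.data",
             "file_path": "/main.tf", "file_line_range": [10, 25]},
            {"check_id": "CKV_AWS_50", "resource": "aws_lambda_function.api",
             "file_path": "/lambda.tf", "file_line_range": [3, 20]},
        ],
    },
})

# Default-deny policy: every failed check blocks unless a time-boxed waiver
# exists. Waivers are team-defined (assumed) and expire, so an accepted risk
# cannot silently become permanent.
WAIVERS = {"CKV_AWS_50": date(2025, 3, 31)}  # check_id -> expiry (constructed)


def evaluate_gate(report_json, waivers=WAIVERS, today=None):
    """Return a verdict dict; 'passed' is False if any unwaived check failed."""
    today = today or date.today()
    report = json.loads(report_json)
    # Checkov returns a list when more than one framework was scanned.
    reports = report if isinstance(report, list) else [report]
    blocking, waived = [], []
    for rep in reports:
        for chk in rep.get("results", {}).get("failed_checks", []):
            cid = chk["check_id"]
            line = chk.get("file_line_range", ["?"])[0]
            finding = f"{cid} {chk['resource']} {chk.get('file_path', '?')}:{line}"
            expiry = waivers.get(cid)
            if expiry is not None and today <= expiry:
                waived.append(finding)    # accepted risk, still reported
            else:
                blocking.append(finding)  # unwaived, or waiver has expired
    return {"passed": not blocking, "blocking": blocking, "waived": waived}


if __name__ == "__main__":
    verdict = evaluate_gate(SAMPLE_REPORT, today=date(2024, 12, 1))
    for f in verdict["waived"]:
        print("WAIVED  ", f)
    for f in verdict["blocking"]:
        print("BLOCKING", f)
    # A non-zero exit fails the CI job, stopping the deploy stage.
    raise SystemExit(0 if verdict["passed"] else 1)
```

Run it as a pipeline step after the Checkov scan, feeding the real report file in place of the constructed sample; the exit status is what the CI system uses to halt the deploy.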
B. Meeting Cybersecurity Assurance Criteria
• Promotes Automation in Cybersecurity: The integration of security tools such as SonarQube (SAST), OWASP ZAP (DAST), and Checkov (IaC scanning) automates the detection of vulnerabilities, reducing reliance on manual processes.
• Improves and Modernizes Security: The solution uses modern DevSecOps practices that embed security into agile workflows, ensuring continuous security monitoring and testing. The use of cloud-native tools (AWS KMS, IAM Access Analyzer) ensures a robust security infrastructure.
• Implements Industry-Standard Security Tools: Tools like OWASP ZAP and SonarQube are industry-standard for secure software development. HashiCorp Vault and Open Policy Agent (OPA) ensure compliance with security policies, further aligning with best practices.
C. Data Collection and Implementation Elements
• Collects Digital Evidence: Tools like Prometheus and Grafana collect logs and system metrics, essential for digital forensics and post-incident analysis. Vulnerability scanning data and security logs are also generated for further analysis.
• Implements Confidentiality, Integrity, and Availability (CIA): Confidentiality is enforced through secure secrets management (HashiCorp Vault), integrity is assured by continuous security checks (SAST, DAST), and availability is maintained via robust IAM roles and real-time monitoring with Prometheus.