Leveraging GitHub Ecosystem for Python Projects: From Hello World to Docker Deployment
Eoin Halpin, Tom Halpin
16/11/2024
Agenda & Presenters
8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 2
Agenda
• Presenters
• Public Service Announcement
• DevOps and DevSecOps
• GitHub Support for DevSecOps
• Git Workflows and Actions
• Conclusions
• Q&A
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3
Presenters
Tom Halpin: DevSecOps Enablement.
• Help teams move to a DevOps model in support of product-aligned value streams.
• Facilitate adaption of the associated culture, practices, and tools in organizations.
Eoin Halpin: Data Analyst - Project Management
• Member of Agile, customer-facing teams focused on delivering value to stakeholders.
• Help organizations and customers to gain valuable insights from data.
Public Service Announcement
This talk is not a Python Development talk.
This talk is a Python DevSecOps talk which will cover using the GitHub ecosystem to implement DevSecOps for a Python Application.
DevOps
DevOps - Definition
DevOps is a cultural movement that emphasizes collaboration between software development (Dev) and IT operations (Ops) teams.
The goal is to:
• Shorten the software development lifecycle
• Improve deployment frequency
• Ensure high-quality software delivery through:
  • Automation
  • Continuous Integration
  • Continuous Delivery / Continuous Deployment
  • Rapid Feedback Loops
DevOps – The Three Ways
The three ways form a framework for achieving high performance and continuous improvement within organizations adopting DevOps.
• The First Way - Principles of Flow: focuses on optimizing the flow of work from development to operations. This includes continuous delivery and integration, ensuring that code changes are released quickly and reliably. The aim is to minimize work in progress and reduce bottlenecks.
• The Second Way - Principles of Feedback: emphasizes the importance of feedback loops at all stages of the development process. This includes automated testing, monitoring, and alerting to gain insights into system performance and user experience. The goal is to learn from failures and successes to improve the system continuously.
• The Third Way - Principles of Continual Learning and Experimentation: encourages a culture of innovation, where teams are empowered to experiment and learn from failures. This involves creating a safe environment for risk-taking, allowing for the rapid iteration of processes and practices. The focus is on fostering collaboration, knowledge sharing, and adaptation.
DevOps – Infinity Loop
DevSecOps - Definition
DevSecOps:
- Is the practice of integrating security throughout the CI/CD process. It grew out of the DevOps movement and builds on the same foundational frameworks.
- Focuses on “shifting security left” into active development instead of addressing it after code has been developed.
- Has the objective of strengthening security and compliance by addressing security concerns as they arise during the development process.
DevSecOps – Infinity Loop
GitHub – DevSecOps Enablement
GitHub – Workflows & Actions
In the context of DevSecOps CI/CD:
• GitHub Workflows are automated processes that orchestrate various stages of software development, such as building, testing, and deploying applications.
• These workflows utilize GitHub Actions, which are individual tasks that perform specific functions, like running tests, checking code quality, or deploying to production.
• Together they allow teams using GitHub to automate and streamline their continuous integration and continuous deployment pipelines, ensuring faster, more reliable and more secure software delivery.
The Application
genai-musings - GitHub Organization
chatting-with-ChatGPT - GitHub Repository
chatting-with-ChatGPT - OpenAI Integration
Hello World for the AI Age
GitHub – Workflows / DevSecOps CI/CD
• Plan: No specific workflows.
• Code:
  • linter (code quality)
  • Spellcheck (documentation quality)
  • md-links (checks for broken links in documentation)
• Build: docker_build_push
• Release: docker_build_push
• Deploy: docker_push_readme (updating documentation)
• Operate: No specific workflows.
• Monitor: No specific workflows.
• Test:
  • test (unit/integration tests)
  • coverage (code coverage analysis)
  • bandit (SAST for Python code)
  • codeql (SAST for code analysis)
  • safety (SAST for dependency vulnerability checks)
  • trivy (DAST for container image security scanning)
chatting-with-ChatGPT – GitHub Workflows
chatting-with-ChatGPT - test.yaml
CI Test Workflow
chatting-with-ChatGPT - safety.yaml
CI SAST Workflow
chatting-with-ChatGPT - docker-build-push.yaml
CD Workflow
chatting-with-ChatGPT - docker-build-push.yaml
CD Workflow – DAST (Trivy)
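An added example, not the repository's own docker-build-push.yaml (the slides showed that file only as a screenshot): one way a CD workflow can build the image, scan it with Trivy, and push to Docker Hub only when the scan passes. The image name, secret names, branch and severity threshold are assumptions.

```yaml
# Added example: not the chatting-with-ChatGPT repository's own workflow file.
# Version tags are mutable; pin third-party actions to a reviewed commit SHA in real use.
name: docker-build-push
on:
  push:
    branches: [main]
permissions:
  contents: read   # least privilege for GITHUB_TOKEN
env:
  IMAGE: example-org/example-app   # placeholder Docker Hub repository (assumption)
jobs:
  build-scan-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      # Build into the runner's local Docker daemon only; nothing is published yet.
      - name: Build image
        uses: docker/build-push-action@v6
        with:
          context: .
          load: true
          push: false
          tags: ${{ env.IMAGE }}:${{ github.sha }}
      # Gate: exit-code 1 fails the job on findings, so the later steps never run.
      - name: Scan image with Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.IMAGE }}:${{ github.sha }}
          format: table
          exit-code: '1'
          severity: CRITICAL,HIGH      # assumed threshold
          ignore-unfixed: true         # skip findings with no fixed version yet
      # Only reached when the scan passed. Secret names are assumptions.
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Push scanned image
        run: docker push "$IMAGE:$GITHUB_SHA"
```

Because the push uses the same local tag that was scanned, the image that reaches the registry is the one Trivy inspected, and registry credentials are only loaded after the gate has passed.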
genai-musings - Template, Repo Template
• Site - https://www.cyberdynesystems.ie
• API – https://www.cyberdynesystems.ie/dev/api
• API Key - https://www.cyberdynesystems.ie/dev/keys
• GitHub Repository - https://github.com/genai-musings/template-repo-template
• Docker Image - https://hub.docker.com/r/genaimusings/template-repo-template
GitHub – DevSecOps - Workflow Outputs
chatting-with-ChatGPT Actions
chatting-with-ChatGPT - spellcheck.yaml
CI Spell Check Workflow - Failure
chatting-with-ChatGPT - test.yaml
CI Unit Test Workflow - Failure
chatting-with-ChatGPT – docker-build-push.yaml
CI Workflow – GitHub Action Node Module Deprecation Failure
chatting-with-ChatGPT - docker-build-push.yaml
CD Workflow – DAST - Failure
Docker Hub - genaimusings
Conclusions
This session highlighted the benefits of using the GitHub ecosystem for implementing DevSecOps and CI/CD practices for Python applications.
Benefits highlighted included:
• Streamlined Collaboration – through pull requests and code reviews.
• Integrated SAST and DAST Security Practices – via GitHub Actions and Dependabot.
• Automated Testing and Deployment – implemented using GitHub Actions speeds up delivery.
• Visibility and Monitoring – insights provided into commit history, release management and deployment statuses.
• Scalability and Flexibility - the support for an extensive range of integrations and tools tailored for Python applications that can be incorporated in CI/CD pipelines.
Q&A & Thanks
