pawnu
PythonSecurityPipeline
Python

DevSecOps pipeline for Python based project using Jenkins, Ansible, AWS, and open-source security tools and checks.

Last updated Jun 12, 2026
91
Stars
124
Forks
0
Issues
0
Stars/day
Attention Score
39
Language breakdown
No language data available.
Files click to expand
README

DevSecOps pipeline for Python project

A Jenkins end-to-end DevSecOps pipeline for Python web application, hosted on AWS Ubuntu 18.04

pipeline

psparchitecture

Disclaimer: This project is for demonstration purpose with surface level checks only, do not use it as-is for production

Checkout project - check out python application project repository with XSS vulnerability
git secret check - check there is no password/token/keys/secrets accidently commited to project github
SCA - check external dependencies/libraries used by the project have no known vulnerabilities
SAST - static analysis of the application source code for exploits, bugs, vulnerabilites
Container audit - audit the container that is used to deploy the python application
DAST - deploy the application, register, login, attack & analyse it from the frontend as authenticated user
System security audit - analyse at the security posture of the system hosting the application
WAF - deploy application with WAF which will filter malicious requests according to OWASP core ruleset

Installation steps

  • Clone this repository to your Ubuntu Server (t2-medium recommended)
git clone https://github.com/pawnu/PythonSecurityPipeline.git
  • Edit the code to make it work on your AWS
- Change to your AWS subnet vpcsubnetid - Change to your AWS security_group (allow inbound ssh(22), WAF(80), Optional web-app(10007) from your IP ONLY) - Create an IAM role which gives full-ec2-access and assign it to your ubuntu server
  • Run the setup script to create CICD server with Jenkins+pipeline ready to go
cd PythonSecurityPipeline
sudo sh setup-ubuntu.sh
  • Make sure your firewall allows incoming traffic to port 8080. Then, go to your jenkins server URL
http://your-jenkins-server:8080/
  • Use the temporary credentials provided on the logs to login. Change your password!
  • Go to the python pipeline project dashboard, click on "Build Now" button to start it off.

Setting up a Jenkins Pipeline project manually

A sample pipeline is already provided through automation
  • Click on New Item, input name for your project and select Pipeline as the option and click OK.
  • Scroll down to Pipeline section - Definition, select "Pipeline script from SCM" from drop down menu.
  • Select Git under SCM, and input Repository URL.
  • (Optional) Create and Add your credentials for the Git repo if your repo is private, and click Save.
  • You will be brought to the Dashboard of your Pipeline project, click on "Build Now" button to start off the pipeline.

To do list:

  • [x] Select appropriate security tools and sample python project
  • [x] Set up Jenkins server using docker (Dockerfile) and pipeline as code (Jenkinsfile) to run the checks
  • [x] Use ansible to create AWS ec2 test instance, configure the environment, and interact with it
  • [x] Hook up the web-app with nginx+modsecurity providing WAF, DDoS protection, reverse proxy capabilities
  • [x] Bootstrap with Jenkins API/configfile to setup and automatically create the pipeline job
  • [x] Carry out authenticated DAST scan on the python web app

Demo

finalgif4

Report

workspace

Authors

🔗 More in this category

© 2026 GitRepoTrend · pawnu/PythonSecurityPipeline · Updated daily from GitHub