This repository demonstrates a DevSecOps CI/CD pipeline for a Node.js Express application. It focuses on "shift-left" security: security and quality checks are integrated early and deep into the automated workflow rather than bolted on before release.
The application itself serves a single /health endpoint; the surrounding infrastructure provides a pipeline that automates everything from unit testing to security-hardened container builds and deployments.
- Backend: Node.js (v18+) & Express
- Containerization: Docker & Multi-stage builds
- CI/CD: GitHub Actions
- Security: Trivy (Shift-Left Vulnerability Scanning)
- Testing: Node.js Test Runner & Smoke Tests
Ensure you have Node.js installed on your machine.
- Install dependencies: `npm install`
- Start the application: `npm start`
- Verify the endpoint: open http://localhost:3000/health in your browser.
This project uses multi-stage builds and non-root user isolation for security.
- Build the image: `docker build -t node-app .`
- Run the container: `docker run -p 3000:3000 node-app`
- Check health: `curl http://localhost:3000/health`
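As an added example (not this repository's own Dockerfile), the following multi-stage build applies the non-root isolation described above; it assumes the application entrypoint is `server.js` and that a `package-lock.json` is committed so `npm ci` can produce a reproducible install.

```dockerfile
# syntax=docker/dockerfile:1

# Stage 1: resolve production dependencies only.
# Dev tooling (test runners, linters) never reaches the runtime image,
# which shrinks the attack surface Trivy has to report on.
FROM node:18-alpine AS deps
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --omit=dev

# Stage 2: minimal runtime image built from a clean base.
FROM node:18-alpine AS runtime
WORKDIR /app
ENV NODE_ENV=production

# Application files stay root-owned and read-only to the process user;
# only node_modules and the source are copied in, nothing from the build stage's cache.
COPY --from=deps /app/node_modules ./node_modules
COPY server.js ./

# Drop privileges: the official node image ships an unprivileged 'node' user.
USER node

EXPOSE 3000

# Container-level liveness probe against the same /health endpoint the README uses
# (busybox wget is present in alpine; exit non-zero so the orchestrator restarts on failure).
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD wget -qO- http://127.0.0.1:3000/health || exit 1

CMD ["node", "server.js"]
```

Pair this with a `.dockerignore` that excludes `node_modules`, `.git`, and local `.env` files so secrets and host-specific artifacts never enter the build context.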