Skip to content

Commit cec74e6

Browse files
CopilotCalinL
Copilot
and
CalinL
committed
Implement DevSecOps6 page with container and supply chain security demos
Co-authored-by: CalinL <[email protected]>
1 parent 8e8e8d5 commit cec74e6

File tree

3 files changed

+486
-0
lines changed

3 files changed

+486
-0
lines changed

src/webapp01/Pages/DevSecOps6.cshtml

Lines changed: 223 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,223 @@
1+
@page
2+
@model DevSecOps6Model
3+
@{
4+
ViewData["Title"] = "DevSecOps6 - Container & Supply Chain Security";
5+
}
6+
7+
<div class="container">
8+
<div class="row">
9+
<div class="col-12">
10+
<h1 class="display-4 text-primary">@ViewData["Title"]</h1>
11+
<p class="lead">Advanced container security, supply chain protection, and cloud-native DevSecOps practices</p>
12+
<hr />
13+
</div>
14+
</div>
15+
16+
<!-- Alert for TempData messages -->
17+
@if (TempData["SecurityDemoResult"] != null)
18+
{
19+
<div class="alert alert-info alert-dismissible fade show" role="alert">
20+
@TempData["SecurityDemoResult"]
21+
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
22+
</div>
23+
}
24+
25+
@if (TempData["SecurityDemoError"] != null)
26+
{
27+
<div class="alert alert-danger alert-dismissible fade show" role="alert">
28+
@TempData["SecurityDemoError"]
29+
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
30+
</div>
31+
}
32+
33+
<div class="row">
34+
<!-- Container Security Section -->
35+
<div class="col-lg-8">
36+
<div class="card mb-4">
37+
<div class="card-header bg-gradient" style="background: linear-gradient(135deg, #0d6efd, #198754);">
38+
<h3 class="card-title mb-0 text-white">
39+
<i class="bi bi-boxes"></i> Container Security & Supply Chain Updates 2024
40+
</h3>
41+
</div>
42+
<div class="card-body">
43+
@if (Model.ContainerSecurityFeatures.Any())
44+
{
45+
<div class="list-group list-group-flush">
46+
@foreach (var feature in Model.ContainerSecurityFeatures)
47+
{
48+
<div class="list-group-item d-flex align-items-start">
49+
<span class="badge bg-gradient text-white me-3 mt-1" style="background: linear-gradient(45deg, #dc3545, #fd7e14);">NEW</span>
50+
<div>
51+
<p class="mb-1">@feature</p>
52+
<small class="text-muted">Enhanced container and cloud security capabilities</small>
53+
</div>
54+
</div>
55+
}
56+
</div>
57+
}
58+
else
59+
{
60+
<p class="text-muted">No container security updates available.</p>
61+
}
62+
</div>
63+
</div>
64+
65+
<!-- Advanced Supply Chain Security -->
66+
<div class="card mb-4">
67+
<div class="card-header bg-dark text-white">
68+
<h3 class="card-title mb-0">Supply Chain Security Portfolio</h3>
69+
</div>
70+
<div class="card-body">
71+
<div class="row">
72+
<div class="col-md-6">
73+
<h5><i class="bi bi-shield-shaded"></i> SBOM Generation</h5>
74+
<p>Automated Software Bill of Materials generation with vulnerability mapping and license compliance tracking.</p>
75+
76+
<h5><i class="bi bi-fingerprint"></i> Artifact Signing</h5>
77+
<p>Cryptographic signing of container images and artifacts with Sigstore and Cosign integration.</p>
78+
79+
<h5><i class="bi bi-graph-down-arrow"></i> Provenance Tracking</h5>
80+
<p>Complete build provenance documentation with SLSA framework compliance and attestation.</p>
81+
</div>
82+
<div class="col-md-6">
83+
<h5><i class="bi bi-cloud-check"></i> Cloud Security</h5>
84+
<p>Multi-cloud security posture management with infrastructure-as-code scanning and compliance.</p>
85+
86+
<h5><i class="bi bi-layers"></i> Runtime Protection</h5>
87+
<p>Container runtime security monitoring with behavioral analysis and threat detection.</p>
88+
89+
<h5><i class="bi bi-diagram-3"></i> Mesh Security</h5>
90+
<p>Service mesh security policies with zero-trust networking and encrypted communication.</p>
91+
</div>
92+
</div>
93+
</div>
94+
</div>
95+
</div>
96+
97+
<!-- Security Demo Sidebar -->
98+
<div class="col-lg-4">
99+
<!-- Container Security Demo Section -->
100+
<div class="card mb-4">
101+
<div class="card-header bg-danger text-white">
102+
<h4 class="card-title mb-0">
103+
<i class="bi bi-exclamation-octagon-fill"></i> Container Security Demo
104+
</h4>
105+
</div>
106+
<div class="card-body">
107+
<p class="text-muted small">
108+
This demonstration includes container and cloud security vulnerabilities for advanced GHAS testing.
109+
These patterns showcase supply chain and runtime security scanning.
110+
</p>
111+
112+
<!-- Environment Variable Testing Form -->
113+
<form method="post" asp-page-handler="TestEnvironmentVariables" class="mt-3">
114+
<div class="mb-3">
115+
<label for="envVarName" class="form-label">Environment Variable:</label>
116+
<input type="text" class="form-control" id="envVarName" name="envVar"
117+
placeholder="Enter env var name" value="DATABASE_PASSWORD">
118+
<div class="form-text">Test environment variable exposure vulnerabilities</div>
119+
</div>
120+
<div class="mb-3">
121+
<label for="envValue" class="form-label">Environment Value:</label>
122+
<input type="text" class="form-control" id="envValue" name="envValue"
123+
placeholder="Enter env var value" value="supersecret123">
124+
</div>
125+
<button type="submit" class="btn btn-danger btn-sm">
126+
<i class="bi bi-gear"></i> Test Environment Access
127+
</button>
128+
</form>
129+
130+
<!-- Container Command Demo -->
131+
<form method="post" asp-page-handler="TestContainerCommand" class="mt-4">
132+
<div class="mb-3">
133+
<label for="containerCmd" class="form-label">Container Command:</label>
134+
<input type="text" class="form-control" id="containerCmd" name="command"
135+
placeholder="Enter container command" value="cat /etc/passwd">
136+
<div class="form-text">Demonstrates container escape vulnerabilities</div>
137+
</div>
138+
<button type="submit" class="btn btn-warning btn-sm">
139+
<i class="bi bi-terminal"></i> Execute Container Command
140+
</button>
141+
</form>
142+
</div>
143+
</div>
144+
145+
<!-- Cloud Security Resources -->
146+
<div class="card">
147+
<div class="card-header bg-success text-white">
148+
<h4 class="card-title mb-0">
149+
<i class="bi bi-cloud-security"></i> Cloud Security Resources
150+
</h4>
151+
</div>
152+
<div class="card-body">
153+
<div class="d-grid gap-2">
154+
<a href="https://docs.github.com/en/code-security/supply-chain-security"
155+
class="btn btn-outline-primary btn-sm" target="_blank">
156+
<i class="bi bi-link-45deg"></i> Supply Chain Security
157+
</a>
158+
<a href="https://docs.github.com/en/actions/deployment/security-hardening-your-deployments"
159+
class="btn btn-outline-secondary btn-sm" target="_blank">
160+
<i class="bi bi-shield-lock"></i> Deployment Security
161+
</a>
162+
<a href="https://docs.github.com/en/code-security/dependabot/dependabot-security-updates"
163+
class="btn btn-outline-success btn-sm" target="_blank">
164+
<i class="bi bi-arrow-repeat"></i> Security Updates
165+
</a>
166+
<a href="https://docs.github.com/en/enterprise-cloud@latest/admin/code-security"
167+
class="btn btn-outline-warning btn-sm" target="_blank">
168+
<i class="bi bi-building"></i> Enterprise Security
169+
</a>
170+
<a href="https://docs.github.com/en/code-security/securing-your-organization"
171+
class="btn btn-outline-info btn-sm" target="_blank">
172+
<i class="bi bi-people"></i> Organization Security
173+
</a>
174+
</div>
175+
</div>
176+
</div>
177+
</div>
178+
</div>
179+
180+
<!-- Advanced Cloud & Container Features Section -->
181+
<div class="row mt-5">
182+
<div class="col-12">
183+
<div class="card">
184+
<div class="card-header bg-gradient text-white" style="background: linear-gradient(135deg, #198754, #20c997);">
185+
<h3 class="card-title mb-0">
186+
<i class="bi bi-cloud-arrow-up"></i> Cloud-Native Security & DevSecOps Automation
187+
</h3>
188+
</div>
189+
<div class="card-body">
190+
<div class="row">
191+
<div class="col-md-4">
192+
<h5 class="text-primary">Infrastructure Security</h5>
193+
<ul class="list-unstyled">
194+
<li><i class="bi bi-check-circle text-success"></i> Infrastructure-as-Code scanning</li>
195+
<li><i class="bi bi-check-circle text-success"></i> Cloud misconfigurations detection</li>
196+
<li><i class="bi bi-check-circle text-success"></i> Kubernetes security policies</li>
197+
<li><i class="bi bi-check-circle text-success"></i> Multi-cloud compliance monitoring</li>
198+
</ul>
199+
</div>
200+
<div class="col-md-4">
201+
<h5 class="text-success">Container Security</h5>
202+
<ul class="list-unstyled">
203+
<li><i class="bi bi-check-circle text-success"></i> Image vulnerability scanning</li>
204+
<li><i class="bi bi-check-circle text-success"></i> Runtime threat detection</li>
205+
<li><i class="bi bi-check-circle text-success"></i> Container escape prevention</li>
206+
<li><i class="bi bi-check-circle text-success"></i> Secrets management integration</li>
207+
</ul>
208+
</div>
209+
<div class="col-md-4">
210+
<h5 class="text-warning">DevSecOps Automation</h5>
211+
<ul class="list-unstyled">
212+
<li><i class="bi bi-check-circle text-success"></i> Security-as-Code practices</li>
213+
<li><i class="bi bi-check-circle text-success"></i> Automated compliance reporting</li>
214+
<li><i class="bi bi-check-circle text-success"></i> CI/CD security gates</li>
215+
<li><i class="bi bi-check-circle text-success"></i> Security workflow orchestration</li>
216+
</ul>
217+
</div>
218+
</div>
219+
</div>
220+
</div>
221+
</div>
222+
</div>
223+
</div>

0 commit comments

Comments
 (0)