devopsshield/devopsshield repository overview

⁠Table of Contents

• Quick Start⁠
  • Who we are⁠
  • How to use this image⁠
  • Video Walkthrough⁠
  • DevOps Shield in the Azure Marketplace⁠
  • DevOps Shield in the Azure DevOps Marketplace⁠
  • License⁠
• Detailed Instructions using Docker Desktop GUI⁠
  • Installation Prerequisites⁠
  • Install Steps⁠
  • First Login for DevOps Shield⁠
  • Configuration Prerequisites⁠
  • Config Steps⁠
• Detailed Instructions using Azure (Web App for Containers)⁠
  • Azure Install Script⁠
• Detailed Instructions using AWS (Amazon Lightsail)⁠
• Detailed Instructions using GCP (Cloud Run)⁠
• DevOps Assessments⁠

⁠Quick Start

• Maintained by:
  • DevOps Shield⁠
• Where to get help:
  • Resource Center⁠
  • Contact Us⁠
• Report any issues:
  • GitHub Issues⁠
• Videos:
  • Installation Guide⁠
• Docker Hub:
  • DevOps Shield Community Edition⁠
• Live Demo:
  • demo.devopsshield.com⁠
• DevOps Shield Security Scanner Pipeline Task:
  • Azure DevOps Marketplace⁠

⁠Who we are

DevOps Shield - Your Business. We Protect It. Our mission is to empower and protect every organization with innovative cybersecurity for DevOps.

• Improve your DevOps security governance.
• Reduce exposure to possible DevOps cyberattacks.
• Solve rising security and DevOps misconfiguration concerns.
• Generate DevOps security assessment reports.

DevOps Shield fills the gap between the DevSecOps and Cloud security governance solutions by hardening your DevOps platform configuration and remediating non-compliant resources.

⁠How to use this image

Here you'll find the Docker image for the Community Edition of DevOps Shield.

1. To run it in detached mode on host port 8080

docker run -d -p 8080:8080 devopsshield/devopsshield

1. Then browse to http://localhost:8080⁠ in PowerShell:

start http://localhost:8080

or in Linux (e.g. WSL 2 - see Install Google Chrome for Linux⁠ and install xdg utilities (sudo apt install xdg-utils))

xdg-open http://localhost:8080

1. Log in with username devopsshield and password devopsshield. You will then be prompted to change your password.

⁠Video Walkthrough

Click here⁠ for video instructions.

⁠DevOps Shield in the Azure Marketplace

Alternatively, you can try it for FREE in the Azure Marketplace⁠.

⁠DevOps Shield in the Azure DevOps Marketplace

You can also run the DevOps Shield CLI in a pipeline using the DevOps Shield Security Scanner build task⁠.

⁠License

DevOps Shield Community Edition is licensed under the DevOps Shield proprietary license⁠. Copyright (c) CAD4DevOps Inc. (DevOps Shield). All rights reserved.

⁠Detailed Instructions using Docker Desktop GUI

⁠Installation Prerequisites

• Docker Desktop for Windows⁠, Linux⁠, or Mac⁠

⁠Install Steps

1. Open Docker Desktop, click on Images, then Search Images to Run
2. Search for image "devopsshield/devopsshield" and click pull
3. Click on run
4. Choose host port (e.g. 8080) in optional settings then click on run
5. Now browse to the app at http://localhost:8080⁠ or simply click on the hyperlink below

⁠First Login for DevOps Shield

1. Login to the app by clicking login button on top right
2. Log in with username devopsshield and password devopsshield. You will then be prompted to change your password.
3. Change default password

⁠Configuration Prerequisites

1. Obtain a Full Scoped Personal Access Token (PAT) for the Azure DevOps Organization to assess (see Use personal access tokens⁠)
2. Don't for get to copy the PAT to the clipboard!
3. Obtain the Microsoft Entra ID (aka Azure Active Directory Tenant ID) associated to the Azure DevOps Organization you chose to assess (see Connect your organization to Microsoft Entra ID⁠)

⁠Config Steps

1. In the app, click on setup configuration
2. Now click on Quick Setup - Get Started
3. Fill out the values obtained above with your Tenant ID, your Azure Devops organization to assess as well as your Full PAT. Then click on Start Setup Now!
4. You should quickly see the setup configuration done as below:
5. Go to Automation Tasks and wait for the scan to complete
6. Depending on how large your Azure DevOps organization is, it may take minutes to finish. In our case, it took about 5 minutes to complete.

⁠Detailed Instructions using Azure (Web App for Containers)

1. Login to the Azure Portal⁠ and click on Create a Resource
2. Search for Web App for Containers and click on the tile
3. Click on Create
4. Enter instance details such as:

• Subscription
• Resource Group
• Web App Name
• Region

Ensure you pick a Linux Plan as well as set Publish to Docker Container.

1. Select the Docker Tab (or click Next 3 times) and enter the following information:

Ensure you enter devopsshield/devopsshield for the Image and tag.

1. Click on Review and Create then on Create.

1. Once deployment is done, click on Go to resource

1. Now click on configuration to add an app setting mapping the website port to 8080 (see Default ASP.NET Core port changed from 80 to 8080⁠)

1. Add the setting WEBSITES_PORT with value 8080 then click OK

1. Click on Save to restart webapp

1. Browse to the app by clicking on default domain in Overview Page

1. Follow the post install steps

⁠Azure Install Script

• Open a PowerShell terminal, then copy and run the following command:

Invoke-WebRequest "https://raw.githubusercontent.com/devopsshield/devops-shield/main/support/docker-hub/scripts/Azure/DevOpsShield-DockerHub-Azure-Install-Script.ps1" -OutFile "DevOpsShield-DockerHub-Azure-Install-Script.ps1"; Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass; .\DevOpsShield-DockerHub-Azure-Install-Script.ps1

⁠Detailed Instructions using AWS (Amazon Lightsail)

1. Sign in to the Lightsail console⁠. On the Lightsail home page, choose the Containers tab and click on Create container service.
2. In the Create a container service page, choose Change AWS Region, then choose an AWS Region for your container service. Choose a capacity for your container service.
3. Click on Setup Deployment and Specify a custom deployment. Enter the following information:

• Container name: Container names must contain only alphanumeric characters and hyphens. A hyphen (-) can separate words but cannot be at the start or end of the name.
• Image: devopsshield/devopsshield
• Open Ports: 8080 (HTTP)
• Public Endpoint: select the container name above

1. Identify your service and create it! The name of your container service must be unique within each AWS Region in your Lightsail account. It must also be lower-case, and DNS-compliant.

1. Wait for the deployment to complete (may take a few minutes...)

1. Once your deployment is done, browse your new instance!

1. Click on public domain link above and start your first DevOps assessment!

⁠Detailed Instructions using GCP (Cloud Run)

1. Login to Google Cloud Platform Cloud Run⁠

1. Click on Create Service and fill in the service details:

• Container Image URL: devopsshield/devopsshield
• Service Name: e.g. devopsshield-gcp-demo-1
• Region

1. Add Authorization info, port information as well as (optionally) some health checks

1. You may need to increase Memory Limit!

You can always check your resource usage in the metrics

1. Now click on create

1. Wait for deployment to finish, then click on URL

1. Browse the DevOps Shield Site then do your first login!

⁠DevOps Assessments

Once an assessment has been done, you can view a full history of all assessments done by clicking on DevOps Assessments Clicking on any individual assessment, we see: Clicking on View & Export Reports: Scroll Down to see the full report including: DevOps Security Overview, DevOps Governance and Compliance, DevOps Inventory Please note that the Community Edition is limited to seeing up to 10 Azure DevOps Resources in these Assessment Reports

You can currently export to JSON or CSV the following reports:

• Security Governance

• Resource Inventory

• Security Permissions