A vulnerable NodeJS app to demonstrate secure container mangement practices according CIS Docker Benchmark v1.5.0.

The system proposes a DevSecOps framework leveraging static analysis and dynamic analysis tools implemented through GitHub Actions workflow.

• Trivy Security Scanner (Aqua Security)
• Docker Scout CLI
• Docker Bench for Security
• Falco Runtime Threat Detection (Sysdig)

1. Continuous Integration - Static analysis

   1. Dockerfile scan (Trivy)
   2. Docker Image scan (docker scout)
      • Quickview report
      • Base image report
      • CVE report

   💡 NOTE: After CI run, Docker Image is available Docker Hub

2. Continuous Deployment - Dynamic analysis

   1. CIS Benchmark scan (docker-bench)
      • Report
   2. Falco Runtime Event Detection
      • Events Log

   💡 NOTE: CD run initiates with the Docker image being deployed on the server

• NodeJS App Sample - @sd031
• Vulnerable Dockerfile - @SamP10