Reference no: EM133123793
Cloud DevOpsSec Project
The learning outcomes of the Cloud DevOpsSec module are as follows:
LO 1: Critically analyse different techniques to perform code analysis, plan and implement static code analysis.
LO2: Develop and implement a plan for provisioning and configuration of software applications through CI/CD.
LO3: Critically evaluate and implement methodologies for secure application development and secure execution in production.
Project Description
For this assignment, you are required to develop a cloud-based application. You are required to build, deploy, monitor, and update your web application by setting up a full lifecycle CI/CD pipeline. Your application must be deployed and hosted on a public cloud provider.
Your dynamic web-based application should:
• Accept input from the user and validate that input
• Provide both CRUD and non-CRUD functionalities
• Use a suitable data storage solution (i.e. based on the requirements of your application)
• Deploy your application to a suitable public cloud platform. The deployed application must not be modified after the submission deadline. The examiner should be able to view your deployed application without having to register for any account with the public cloud provider where you deployed your application at (i.e. the application (not its source code!) should be publicly accessible).
You must conduct some independent research and include any relevant bibliography in the accompanying report. This is an individual project.
On completion, you will document the process and reflect on it through the deliverables listed in the next section.
You are required to document the process of developing the cloud-based application and the CI/CD pipeline set up, and reflect on it through the deliverables listed below. You have to submit the following deliverables through Moodle.
1. A project report (6-7 pages formatted using the IEEE Conference double-column template1) which should include:
• Headline: title of the report, your name, student number, module, programme, and date
• Abstract - a 150-300-word executive summary of the project and the main results
• Section 1: Introduction - motivation for your project and its main objectives
• Section 2: Architectural design aspects of your application and explanation - document the architecture of your cloud-based application including the architecture diagram of the system. The diagram should be fully explained in text. Note that the diagram should be created by you based on your own application.
• Section 3: Continuous integration, continuous delivery and deployment of your application
i. Document the CI/CD pipeline including a diagram of the entire workflow; the diagram should indicate where the different tools/cloud-based services are used to support the CI/CD pipeline. The diagram should be fully explained in text. Note that he diagram should be created by you based on the pipeline and stages you set up for your project.
ii. Include the URL to your deployed application
iii. Document the CI/CD pipeline in action - document how a code change flows through the pipeline.
Note that at all times you must use a private repository for versioning control (e.g. GitHub, AWS CodeCommit, etc.)
• Section 4: Critically analyse and document the approach you took for performing static code analysis, including security vulnerabilities analysis. Document your findings from performing static code analysis and security vulnerabilities analysis.
• Section 5: Conclusions including findings/interpretations - what did you learn and find out? Include a short reflection on developing this project.
• Section 6: References - a complete list of academic works and/or online materials used in the project. References should be included as in-text citations using the IEEE referencing style.
Note that the report should include for all the previously mentioned elements demonstration snippets and/or screenshots of the commands and tools used, where appropriate.
2. The source code artefacts submission (a ZIP file) should include:
• Source code of the solution (includes commented source code of the application together with any scripts used for automation and configuration)
3. Project presentation and demonstration video. A maximum 10 minutes video submission that should include the following:
• A concise (approximate 1-2 minutes) presentation of the motivation and high-level description of the idea of the project
• Demonstration - give a demonstration of your application highlighting its main features; give a demonstration of the CI/CD pipeline by making a change in one of the features of your application (i.e. modify its source code) and show how the change flows through the CI/CD pipeline and describe the operations performed in each stage of the pipeline, including demonstrating the modified feature in the deployed application.
• Answers to questions/items which you will receive in advance from your lecturer.
Attachment:- Cloud DevOpsSec.rar