What is Project building?
The Project Building labs cover building and packaging software or a web app from source code on a local machine. This section gives beginners visibility into what actually happens when the pipeline executes the build step.
This phase involves the following components:
- IDE or Text Editor
- Build System
People involved: Developers
What is a Build System?
A build system is mainly used to compile the source code into a deployable/usable form. However, it can also help in managing the following:
- Builds
- Documentation
- Dependencies
- Releases
Examples: Apache Maven, GNU Make
External sources
What is Apache Maven? http://maven.apache.org/what-is-maven.html
Apache Maven tutorials: https://www.tutorialspoint.com/maven/index.htm
What is GNU Make? https://www.gnu.org/software/make/
Makefile tutorials: https://www.tutorialspoint.com/makefile/index.htm
Why is it important in DevSecOps?
The project build phase compiles or transforms the source code into a deployable form (e.g. binary, package) by integrating libraries and dependent packages. It is important to check that the build system and the dependency packages/libraries being used are not vulnerable to known attacks and are updated with the latest security fixes.
What will you learn in this section?
The user will learn to perform the following tasks:
- Building a Java Web App from source code
- Building Nginx Webserver from source code
- Run pre-deployment checks on Django Web App source code
Tools Covered
- GNU Make
- python3
- Apache Maven
Labs
Java Webapp
A Kali CLI is provided with a sample Java web app code. The user has to build the project from source code and package it into a JAR archive using Maven.
Objective: Run compile, test, package on the source code!
Django Webapp
A Kali CLI is provided with a sample Django web app code. There is no need to build this, so instead the user has to check if the project is ready for migration and run automated tests (provided with it) using Python3.
Objective: Run migrate, test on the source code, and run it on the local machine!
Nginx Software
A Kali CLI is provided with the Nginx source code. The user has to build the Nginx binary using make.
Objective: Configure and build Nginx from source code and run it on the local machine!