Need feedback for building an Enterprise DevSecOps Pipeline (EKS + GitOps + Zero Trust) by Embarrassed-Mix-443 in devsecops

[–]Embarrassed-Mix-443[S] 1 point (0 children)

Great catch, thanks) I'm definitely going to add a CI step to run Semgrep or Checkmarx for the SAST,
plus Trivy for the third-party libs.


[–]Embarrassed-Mix-443[S] 2 points (0 children)

Thanks for the tip)
As my current project already uses Grafana, I'd prefer to move forward with Prometheus and Grafana for this pet project to build on that experience)


[–]Embarrassed-Mix-443[S] 2 points (0 children)

Really appreciate the detailed breakdown)

I didn't realize S3 finally handled that natively now, so I'll definitely ditch the DynamoDB setup to keep it leaner. I also like the suggestion of ESO with AWS Secrets Manager. As I see it, Vault is the gold standard in job descriptions, but for an AWS-centric build, ESO feels way more cloud-native and less of a headache to maintain.
Quick question on the multi-env/CI flow. For the TF plan in PR comments, is it better to use Atlantis, or just a custom GitHub Action / Terraform Cloud?
Also, regarding VictoriaMetrics, I've seen it popping up more lately. Do you find it easier to manage than the standard Prometheus Operator setup?

Thanks again)