John Jediny JJediny


The twelve-factor app Checklist

Also factors in the four principles of modern Release Engineering

  • Identifiability: Being able to identify all of the source, tools, environment, and other components that make up a particular release.
  • Reproducibility: The ability to integrate source, third party components, data, and deployment externals of a software system in order to guarantee operational stability.
  • Consistency: The mission to provide a stable framework for development, deployment, audit, and accountability for software components.
  • Agility: The ongoing research into the repercussions of modern software engineering practices on productivity in the software cycle, i.e. continuous integration.
JJediny / slack_webhook_post.py
Created August 29, 2017 14:42 — forked from devStepsize/slack_webhook_post.py
POST a JSON payload to a Slack Incoming Webhook using Python requests
'''
This is an example of how to send data to Slack webhooks in Python with the
requests module.
Detailed documentation of Slack Incoming Webhooks:
https://api.slack.com/incoming-webhooks
'''
import json
import requests
{
"id": "test",
"modules": {
"cloudtrail": {
"enabled": true,
"event_pattern": {
"source": [
"aws.ec2"
]
}
JJediny / ansible_conditionals_examples.yaml
Created August 1, 2017 21:43 — forked from marcusphi/ansible_conditionals_examples.yaml
Ansible 1.3 Conditional Execution -- Very complete example with comments -- I find the conditional expressions to be ridiculously hard to get right in Ansible. I don't have a good model of what's going on under the surface so I often get it wrong. What makes it even harder is that there have been at least three different variants over the course …
---
# This has been tested with ansible 1.3 with these commands:
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts isFirstRun=false"
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts isFirstRun=true"
# ansible-playbook -i hosts ansible_conditionals_examples.yaml --extra-vars="hosts=myhosts"
# NB: The type of the variable is crucial!
- name: Ansible Conditionals Examples
  hosts: $hosts
  vars_files:
JJediny / opencontrol.json
Last active December 8, 2020 20:26
Opencontrol v4? Schema
{
"title": "Proposed - OpenControl Schema vX",
"type": "object",
"properties": {
"name": {
"title": "Name",
"description": "Name of the Component",
"type": "string",
"propertyOrder": 1
},
# Hello, and welcome to makefile basics.
#
# You will learn why `make` is so great, and why, despite its "weird" syntax,
# it is actually a highly expressive, efficient, and powerful way to build
# programs.
#
# Once you're done here, go to
# http://www.gnu.org/software/make/manual/make.html
# to learn SOOOO much more.
JJediny / Jenkinsfile.json
Created June 12, 2017 17:15
JSON Schema of a Jenkinsfile (DSL Pipeline)
{
"description": "Jenkinsfile YAML",
"definitions": {
"libraries": {
"description": "One or more shared library identifiers to load",
"type": "array",
"items": {
"type": "string"
},
"minItems": 1

Database

  • Use encryption for data identifying users and sensitive data like access tokens, email addresses or billing details if possible (this will restrict queries to exact match lookups).
  • If your database supports low cost encryption at rest (like AWS Aurora), then enable that to secure data on disk. Make sure all backups are stored encrypted as well.
  • Use minimal privilege for the database access user account. Don’t use the database root account and check for unused accounts and accounts with bad passwords.
  • Store and distribute secrets using a key store designed for the purpose. Don’t hard code in your applications.
  • Fully prevent SQL injection by only using SQL prepared statements. For example: if using NPM, don’t use npm-mysql, use npm-mysql2 which supports prepared statements.

Development

  • Ensure that all components of your software are scanned for vulnerabilities for every version pushed to production. This means O/S, libraries and packages. This should be automa