This project was developed during the first stage of the "Programa Intensivo em Containers e Kubernetes (PICK)" in 2024. During this initial phase, the focus was on operationalizing a Python application using containers, prioritizing efficiency, availability, and security.
This repository contains the implementation of a Python application in containers, using a variety of technologies to ensure the effectiveness, availability, and security of the application. It includes instructions for configuring and running the application in different environments.
Docker and Docker-Compose are essential tools for packaging and orchestrating applications and their dependencies in containers, ensuring portability, consistency, and ease of deployment across different environments.
Aqua Trivy is an open-source security tool that automates the detection of vulnerabilities in Docker and OCI container images, providing security and easy integration into CI/CD pipelines.
Chainguard is an approach to building container images using the "Distroless" philosophy, minimizing the size and attack surface of images, ensuring a secure and functional environment for running applications.
Cosign is a container image signing tool that ensures the authenticity, integrity, and security of images before they are deployed in production environments.
To run the application in your local environment, follow these steps:
-
Clone this repository:
git clone https://github.com/perestr3lo/giropops-senhas.git -
Navigate to the cloned repository directory:
cd giropops-senhas -
Run the application using Docker Compose:
docker compose up
To perform a Vulnerability Scan using Aqua Trivy, follow the steps below:
trivy image pallestrelli/linuxtips-giropops-senhas:2.0
If you want to verify the signature using Cosign, follow the steps below:
cosign verify --key cosign.pub pallestrelli/linuxtips-giropops-senhas:2.0