This project is not originally developed by me. The core MERN application was created by the original author thenileshnishad.
I am using this project only for learning purposes to implement and practice DevOps and DevSecOps best practices.
This repository serves as a hands-on learning ground to enhance my DevOps & DevSecOps skills by integrating various tools, technologies, and workflows.
- Containerization: Dockerizing frontend and backend services.
- Orchestration: Deployments using Kubernetes (K8s).
- CI/CD Pipelines: Automated build, test, and deployment using Jenkins / GitHub Actions / GitLab CI.
- Infrastructure as Code (IaC): Managing infrastructure with Terraform.
- Configuration Management: Automating setup with Ansible.
- Monitoring & Observability: Setting up Prometheus + Grafana for system metrics and alerts.
- Cloud Deployment: Deploying services on AWS Free Tier (EC2, S3, RDS, etc.).
- Static Code Analysis: Using SonarQube and ESLint for code quality and bug detection.
- Dependency Scanning: Identifying vulnerable packages with Trivy and npm audit.
- Container Security: Scanning Docker images with Trivy.
- Secrets Management: Handling sensitive data with .env files, AWS Secrets Manager, or Kubernetes Secrets.
- Secure CI/CD: Adding security gates in pipelines (fail on high-severity vulnerabilities).
- Monitoring & Alerting for Security: Integrating security alerts with monitoring dashboards.
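
The security gate from the Secure CI/CD item above, sketched as an added example (not code from this repository or from the original application): a pipeline step reads the JSON reports written by `trivy ... --format json` and `npm audit --json` (npm 7+) and fails the build on HIGH or CRITICAL findings. The function names and the sample reports are assumptions made for illustration.

```python
import json
import sys

RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
NPM_TO_TRIVY = {"INFO": "LOW", "MODERATE": "MEDIUM"}  # align npm's names with Trivy's

def findings(report):
    """Return (package, id, severity) tuples from a Trivy or npm audit JSON report."""
    out = []
    if "auditReportVersion" in report:  # npm audit --json (npm 7+)
        for name, entry in (report.get("vulnerabilities") or {}).items():
            sev = str(entry.get("severity", "unknown")).upper()
            out.append((name, "npm-audit", NPM_TO_TRIVY.get(sev, sev)))
    else:  # trivy --format json; "Results"/"Vulnerabilities" may be absent or null
        for result in report.get("Results") or []:
            for v in result.get("Vulnerabilities") or []:
                out.append((v.get("PkgName", "?"), v.get("VulnerabilityID", "?"),
                            str(v.get("Severity", "UNKNOWN")).upper()))
    return out

def gate(report, threshold="HIGH"):
    """Return the findings at or above threshold; a non-empty list fails the build."""
    floor = RANK[threshold]
    # Severities this script does not recognise rank as UNKNOWN (lowest).
    return [f for f in findings(report) if RANK.get(f[2], 0) >= floor]

# Constructed sample reports (placeholder package names and IDs, not real scan output).
SAMPLE_TRIVY = {"SchemaVersion": 2, "Results": [
    {"Target": "backend:latest (constructed)", "Vulnerabilities": [
        {"PkgName": "example-lib", "VulnerabilityID": "CVE-0000-0001", "Severity": "CRITICAL"},
        {"PkgName": "example-util", "VulnerabilityID": "CVE-0000-0002", "Severity": "LOW"}]},
    {"Target": "package-lock.json", "Vulnerabilities": None}]}
SAMPLE_NPM = {"auditReportVersion": 2, "vulnerabilities": {
    "example-parser": {"severity": "high"},
    "example-logger": {"severity": "moderate"}}}

if __name__ == "__main__":
    # Report paths come from the command line; with none given, use the samples.
    reports = [json.load(open(p)) for p in sys.argv[1:]] or [SAMPLE_TRIVY, SAMPLE_NPM]
    blocked = [f for r in reports for f in gate(r)]
    for pkg, vuln_id, sev in blocked:
        print(f"BLOCKING {sev}: {pkg} ({vuln_id})")
    sys.exit(1 if blocked else 0)  # non-zero exit fails the pipeline stage
```

Trivy's `--exit-code 1 --severity HIGH,CRITICAL` and `npm audit --audit-level=high` give the same gate natively; a script like this helps when one pipeline step has to combine reports from both tools.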
By working on this project, I aim to:
- Strengthen my CI/CD pipeline design skills.
- Apply DevSecOps principles to ensure code, dependencies, and containers are secure.
- Gain real-world experience with Kubernetes, Terraform, and Ansible.
- Improve cloud deployment practices while staying cost-optimized.
- The original MERN stack application belongs to thenileshnishad.
- My contribution is focused purely on DevOps and DevSecOps workflows.
- No intention of claiming ownership of the application code itself.