This repo demostrates how to secure CI/CD pipeline using CyberArk Conjur

Login as root or "sudo su -" run bin/start.sh

This script will install docker, docker-compose & ansible on the host, and configure the firewall using ansible iptables module. Then create GitLab, GitLab runner, WeaveScope, Jenkins BlueOcean, Ansible, SonarQube, Artifactory & Conjur as containers It also install 2 demos projects: Insecure demo & Secure Demo

xip.io will be used for DNS names for containers.

By default, a text file will be generated, containing all the login url, username & passwords.

Simply update the source in Gitlab, and the pipeline will be automatically triggered. You can review .gitlab-ci.yml in GitLab, Jenkins project configuration and AWX playbook. The insecure demo will have secrets hard-coded, while the secure demo will be secured by CyberArk Conjur

Two containers are used, one for SCM & one for CI runner A ruby script is used to get the registration token as there is no offical way to fetch it using CLI or API (as of 2018.03)

• Single container is used to save the host resources
• Setup wizard is skipped
• security will be set automatically
• an admin account with random password will be created

• Code Quality Check

• Repo for Artifacts

• CD automation

This script kills & removes all related containers

This script will print out all the links & login details of each CI/CD tools