[GH-ISSUE #7] DevSecOps best practices #2

Open
opened 2026-03-01 14:36:44 +03:00 by kerem · 2 comments

Originally created by @timoa on GitHub (Jan 16, 2023).
Original GitHub issue: https://github.com/amitshekhariitbhu/go-backend-clean-architecture/issues/7

Hi Amit!

Thanks for this project! It's a perfect start for newcomers on Go backend development!

I'm preparing a Medium post about DevSecOps best practices and I took your project since you released it recently and have enough code to show security use cases.

I was not able to do that with a fork since most of the tools do not support it, but I will create a PR to help implement automation if you are OK 👍

This is the list of the changes I already made to my cloned project:

  • Use Renovate to update the dependency vulnerabilities with automated PR
  • Added pre-commit to enforce check + security scan before committing (Go fmt, GoSec, Checkov, Hadolint, etc.)
  • Created a Makefile to share the same commands between the local dev and CI/CD pipelines
  • Added a GitHub Workflow to test and build the app + code coverage + SonarCloud + SAST scan + versioning + CHANGELOG
  • Added a GitHub Workflow to review the PR with ReviewDog
  • Added a GitHub Workflow to provide the ScoreCard of the project (how secure is it)
  • Added a GitHub Workflow to test the project with GitHub CodeQL (detect security issues like SQL injection, etc.)

These changes are already on the following repo: https://github.com/timoa/secure-go-backend-clean-architecture

I will add the following:

  • Postman collection to run the API testing on the CI/CD
  • Smoke tests
  • OWASP ZAP Proxy scan to check the security of the API (HTTP headers, cookies, etc.)
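The list above leans on one Makefile that both the pre-commit hooks and the GitHub Workflow call, so the checks a developer runs locally are exactly the ones CI enforces. The Makefile below is an added example written for this thread; it is not the issue author's file and not part of the linked repository. It assumes the tools named in the list (gofmt, GoSec, Hadolint, Checkov, pre-commit) are installed, that the Dockerfile sits at the repository root, and that tests write their coverage profile to coverage.out; the target names are chosen here, not taken from the project.

```makefile
# Added example (not from the issue or the linked repository): one set of
# targets shared by local development, pre-commit hooks and the CI workflow.
# Assumptions: gofmt/gosec/hadolint/checkov/pre-commit are on PATH, the
# Dockerfile is at the repo root, and coverage goes to coverage.out.

GO        ?= go
GOSEC     ?= gosec
HADOLINT  ?= hadolint
CHECKOV   ?= checkov
COVERFILE ?= coverage.out

.PHONY: all fmt fmt-check vet sec dockerfile iac test cover ci pre-commit

all: fmt-check vet sec test

## fmt: rewrite files in place (local development only)
fmt:
	gofmt -s -w .

## fmt-check: fail if any file is not gofmt-formatted (what hooks and CI run)
fmt-check:
	@unformatted=$$(gofmt -s -l .); \
	if [ -n "$$unformatted" ]; then \
		echo "gofmt needed on:"; echo "$$unformatted"; exit 1; \
	fi

## vet: the compiler's own static checks
vet:
	$(GO) vet ./...

## sec: Go SAST; gosec exits non-zero on findings, so this breaks the build
sec:
	$(GOSEC) ./...

## dockerfile: lint the Dockerfile (pinned base images, no root user, etc.)
dockerfile:
	$(HADOLINT) Dockerfile

## iac: scan infrastructure and config files in the repository
iac:
	$(CHECKOV) -d .

## test: unit tests with the race detector and a coverage profile
test:
	$(GO) test -race -covermode=atomic -coverprofile=$(COVERFILE) ./...

## cover: per-function coverage from the profile written by `make test`
cover: test
	$(GO) tool cover -func=$(COVERFILE)

## ci: the single target the GitHub Workflow calls
ci: fmt-check vet sec dockerfile iac test

## pre-commit: run every configured hook against all files, not only staged ones
pre-commit:
	pre-commit run --all-files
```

With this layout the workflow step is just `make ci`, and the pre-commit hooks can invoke the same targets (`make fmt-check`, `make sec`), so the two cannot drift apart: a check that is added or tightened in the Makefile is picked up by both at once. The `$$` in `fmt-check` is make's escape for a literal `$` passed to the shell.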

@amitshekhariitbhu commented on GitHub (Jan 16, 2023):

Hi @timoa

You are most welcome. Please create the PR, I am sure it is going to help everyone.


@timoa commented on GitHub (Jan 16, 2023):

I will, don't worry 👍
