SlideShare a Scribd company logo

Leveraging the GitHub Ecosystem for Python Projects: From Hello World to Docker Deployment

E
eoinhalpin99

The document discusses leveraging the GitHub ecosystem for Python projects, specifically focusing on implementing DevSecOps practices within the CI/CD process. It highlights the importance of integrating security early in development, utilizing GitHub workflows and actions for automation, and emphasizes benefits such as streamlined collaboration, automated testing, and visibility into deployment statuses. Presenters Eoin Halpin and Tom Halpin outline their roles in promoting DevSecOps culture and practices for organizations.

Software
1 of 35
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Leveraging GitHub Ecosystem for Python Projects: From Hello World to Docker Deployment Eoin Halpin, Tom Halpin 16/11/2024
Agenda & Presenters 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 2
Agenda Presenters Public Service Announcement DevOps and DevSecOps GitHub Support for DevSecOps Git Workflows and Actions Conclusions Q&A 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3
Presenters Tom Halpin: DevSecOps Enablement. Help teams move to a DevOps model in support of product-aligned value streams. Facilitate adaption of the associated culture, practices, and tools in organizations. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 4 Eoin Halpin: Data Analyst - Project Management Member of Agile, customer-facing teams focused on delivering value to stakeholders. Help organizations and customers to gain valuable insights from data.
Public Service Announcement 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 5
Public Service Announcement This talk is not a Python Development talk. This talk is a Python DevSecOps talk which will cover using the GitHub eco- system to implement DevSecOps for a Python Application. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 6
DevOps 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 7
DevOps - Definition DevOps is a cultural movement that emphasizes collaboration between software development (Dev) and IT operations (Ops) teams. The goal being to • Shorten the software development lifecycle • Improve deployment frequency • Ensure high-quality software delivery through • Automation • Continuous Integration • Continuous delivery / Continuous Deployment • Rapid Feedback Loops 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 8
DevOps – The Three Ways The three ways form a framework for achieving high performance and continuous improvement within organizations adopting DevOps. • The First Way - Principles of Flow: focuses on optimizing the flow of work from development to operations. This includes continuous delivery and integration, ensuring that code changes are released quickly and reliably. The aim is to minimize work in progress and reduce bottlenecks. • The Second Way - Principles of Feedback: emphasizes the importance of feedback loops at all stages of the development process. This includes automated testing, monitoring, and alerting to gain insights into system performance and user experience. The goal is to learn from failures and successes to improve the system continuously. • The Third Way - Principles of Continual Learning and Experimentation: encourages a culture of innovation, where teams are empowered to experiment and learn from failures. This involves creating a safe environment for risk-taking, allowing for the rapid iteration of processes and practices. The focus is on fostering collaboration, knowledge sharing, and adaptation. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 9
DevOps – Infinity Loop 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 0
DevSecOps - Definition DevSecOps - Is the practice of integrating security throughout the CI/CD process. It grew out of the DevOps movement and builds on the same foundational frameworks. - Focuses on “shifting security left” into active development instead of addressing it after code has been developed. - The objective being to strengthen security and compliance by addressing security concerns as they arise during the development process. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 1
DevSecOps – Infinity Loop 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 2
GitHub – DevSecOps Enablement 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 1 3
GitHub – Workflows & Actions In the context of DevSecOps CI/CD • GitHub Workflows are automated processes that orchestrate various stages of software development, such as building, testing, and deploying applications. • These workflows utilize GitHub Actions, which are individual tasks that perform specific functions—like running tests, checking code quality, or deploying to production • Together they allow teams using GitHub to automate and streamline their continuous integration and continuous deployment pipelines, ensuring faster, more reliable and more secure software delivery. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 4
The Application 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 1 5
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 6 genai-musings - GitHub Organization
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 7 chatting-with-ChatGPT - GitHub Repository
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 8 chatting-with-ChatGPT - OpenAI Integration Hello World for the AI Age
GitHub – Workflows / DevSecOps CI/CD 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 9 Plan No specific workflows. Code linter - (code quality) Spellcheck- (documentation quality) md-links - (checks for broken links in documentation) Build docker_build_push Release docker_build_push Deploy docker_push_readme (updating documentation) Operate No specific workflows. Monitor No specific workflows. Test test (unit/integration tests) coverage (code coverage analysis) bandit (SAST for Python code) codeql (SAST for code analysis) safety (SAST for dependency vulnerability checks) trivy (DAST for container image security scanning)
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 0 chatting-with-ChatGPT – GitHub Workflows
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 1 chatting-with-ChatGPT - test.yaml CI Test Workflow
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 2 chatting-with-ChatGPT - safety.yaml CI SAST Workflow
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 3 chatting-with-ChatGPT - docker-build-push.yaml CD Workflow
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 4 chatting-with- ChatGPT - docker-build- push.yaml CD Workflow – DAST (Trivy)
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 5 genai-musings - Template, Repo Template • Site - https://www.cyberdynesystems.ie • API – https://www.cyberdynesystems.ie/dev/api • API Key - https://www.cyberdynesystems.ie/dev/keys • GitHub Repository - https://github.com/genai-musings/template-repo- template • Docker Image - https://hub.docker.com/r/genaimusings/template-repo- template
GitHub – DevSecOps - Workflow Outputs 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 2 6
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 7 chatting-with-ChatGPT Actions
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 8 chatting-with-ChatGPT - spellcheck.yaml CI Spell Check Workflow - Failure
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 9 chatting-with-ChatGPT - test.yaml CI Unit Test Workflow - Failure
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3 0 chatting-with-ChatGPT – docker-build-push.yaml CI Workflow – GitHub Action Node Module Depreciation Failure
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3 1 chatting-with-ChatGPT - docker-build-push.yaml CD Workflow – DAST - Failure
1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3 2 Docker Hub - genaimusings
Conclusions 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 3 3
Conclusions 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3 4 This session highlighted the benefits of using the GitHub ecosystem for implementing DevSecOps and CI/CD practices for Python applications. Benefits highlighted included: • Streamlined Collaboration – through pull requests and code reviews. • Integrated SAST and DAST Security Practices – via GitHub Actions and Dependabot. • Automated Testing and Deployment – implemented using GitHub Actions speeds up delivery. • Visibility and Monitoring – insights provided into commit history, release management and deployment statuses. • Scalability and Flexibility - the support for an extensive range of integrations and tools tailored for Python applications that can be incorporated in CI/CD pipelines.
Q&A & Thanks 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 3 5

More Related Content

Similar to Leveraging the GitHub Ecosystem for Python Projects: From Hello World to Docker Deployment (20)

PDF
DevOps - A Purpose for an Institution.pdf
Vishwas N
 
PPTX
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Weaveworks
 
PDF
GitOps 101 Presentation.pdf
ssuser31375f
 
PDF
Speeding up your team with GitOps
Brice Fernandes
 
PDF
(Ebook) Python for DevOps: Learn Ruthlessly Effective Automation by Noah Gift...
betshanumo
 
PDF
How open source is driving DevOps innovation: CloudOpen NA 2015
Gordon Haff
 
PDF
Promise of DevOps
Juraj Hantak
 
PDF
Perforce helix git swarm jan 2016(pva1) meetup
dsdata systems
 
PDF
A model of Test Driven Infrastructure
Marc Saettel
 
PDF
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Weaveworks
 
PDF
Python-for-DevOps-Learn-Ruthlessly-Effective-Automation-by-Noah-Gift_-Kennedy...
MinhTrnNht7
 
PDF
GitOps: Git come unica fonte di verità per applicazioni e infrastruttura
sparkfabrik
 
PDF
Delivering Quality at Speed with GitOps
Weaveworks
 
PPTX
What_is_DevOps_how_it's_very_useful_in_daily_Life.
anilpmuvvala
 
PPTX
What is DevOps And How It Is Useful In Real life.
anilpmuvvala
 
PDF
Innovative DevOps Project Ideas for Students to Practice with Industry.pdf
rose
 
PDF
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
Daniel Bryant
 
PDF
Cloud native development without the toil
Ambassador Labs
 
PDF
DevOps&Humanities
Guenjun Yoo
 
PPTX
What_is_DevOps.pptx
mridulsharma774687
 
DevOps - A Purpose for an Institution.pdf
Vishwas N
 
Cloud Native Transformation (Alexis Richardson) - Continuous Lifecycle 2018 ...
Weaveworks
 
GitOps 101 Presentation.pdf
ssuser31375f
 
Speeding up your team with GitOps
Brice Fernandes
 
(Ebook) Python for DevOps: Learn Ruthlessly Effective Automation by Noah Gift...
betshanumo
 
How open source is driving DevOps innovation: CloudOpen NA 2015
Gordon Haff
 
Promise of DevOps
Juraj Hantak
 
Perforce helix git swarm jan 2016(pva1) meetup
dsdata systems
 
A model of Test Driven Infrastructure
Marc Saettel
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
Weaveworks
 
Python-for-DevOps-Learn-Ruthlessly-Effective-Automation-by-Noah-Gift_-Kennedy...
MinhTrnNht7
 
GitOps: Git come unica fonte di verità per applicazioni e infrastruttura
sparkfabrik
 
Delivering Quality at Speed with GitOps
Weaveworks
 
What_is_DevOps_how_it's_very_useful_in_daily_Life.
anilpmuvvala
 
What is DevOps And How It Is Useful In Real life.
anilpmuvvala
 
Innovative DevOps Project Ideas for Students to Practice with Industry.pdf
rose
 
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
Daniel Bryant
 
Cloud native development without the toil
Ambassador Labs
 
DevOps&Humanities
Guenjun Yoo
 
What_is_DevOps.pptx
mridulsharma774687
 

Recently uploaded (20)

PPTX
Tally_Basic_Operations_Presentation.pptx
AditiBansal54083
 
PDF
Salesforce CRM Services.VALiNTRY360
VALiNTRY360
 
PPTX
Platform for Enterprise Solution - Java EE5
abhishekoza1981
 
PDF
Revenue streams of the Wazirx clone script.pdf
aaronjeffray
 
PPTX
Why Businesses Are Switching to Open Source Alternatives to Crystal Reports.pptx
Varsha Nayak
 
PPTX
3uTools Full Crack Free Version Download [Latest] 2025
muhammadgurbazkhan
 
PPTX
Human Resources Information System (HRIS)
Amity University, Patna
 
PDF
Powering GIS with FME and VertiGIS - Peak of Data & AI 2025
Safe Software
 
PDF
Beyond Binaries: Understanding Diversity and Allyship in a Global Workplace -...
Imma Valls Bernaus
 
PPTX
How Odoo Became a Game-Changer for an IT Company in Manufacturing ERP
SatishKumar2651
 
PPTX
Revolutionizing Code Modernization with AI
KrzysztofKkol1
 
PDF
GetOnCRM Speeds Up Agentforce 3 Deployment for Enterprise AI Wins.pdf
GetOnCRM Solutions
 
PPTX
MailsDaddy Outlook OST to PST converter.pptx
abhishekdutt366
 
PPTX
Writing Better Code - Helping Developers make Decisions.pptx
Lorraine Steyn
 
PDF
Linux Certificate of Completion - LabEx Certificate
VICTOR MAESTRE RAMIREZ
 
PDF
Understanding the Need for Systemic Change in Open Source Through Intersectio...
Imma Valls Bernaus
 
PPTX
Feb 2021 Cohesity first pitch presentation.pptx
enginsayin1
 
PPTX
Java Native Memory Leaks: The Hidden Villain Behind JVM Performance Issues
Tier1 app
 
PDF
Streamline Contractor Lifecycle- TECH EHS Solution
TECH EHS Solution
 
PPTX
Hardware(Central Processing Unit ) CU and ALU
RizwanaKalsoom2
 
Tally_Basic_Operations_Presentation.pptx
AditiBansal54083
 
Salesforce CRM Services.VALiNTRY360
VALiNTRY360
 
Platform for Enterprise Solution - Java EE5
abhishekoza1981
 
Revenue streams of the Wazirx clone script.pdf
aaronjeffray
 
Why Businesses Are Switching to Open Source Alternatives to Crystal Reports.pptx
Varsha Nayak
 
3uTools Full Crack Free Version Download [Latest] 2025
muhammadgurbazkhan
 
Human Resources Information System (HRIS)
Amity University, Patna
 
Powering GIS with FME and VertiGIS - Peak of Data & AI 2025
Safe Software
 
Beyond Binaries: Understanding Diversity and Allyship in a Global Workplace -...
Imma Valls Bernaus
 
How Odoo Became a Game-Changer for an IT Company in Manufacturing ERP
SatishKumar2651
 
Revolutionizing Code Modernization with AI
KrzysztofKkol1
 
GetOnCRM Speeds Up Agentforce 3 Deployment for Enterprise AI Wins.pdf
GetOnCRM Solutions
 
MailsDaddy Outlook OST to PST converter.pptx
abhishekdutt366
 
Writing Better Code - Helping Developers make Decisions.pptx
Lorraine Steyn
 
Linux Certificate of Completion - LabEx Certificate
VICTOR MAESTRE RAMIREZ
 
Understanding the Need for Systemic Change in Open Source Through Intersectio...
Imma Valls Bernaus
 
Feb 2021 Cohesity first pitch presentation.pptx
enginsayin1
 
Java Native Memory Leaks: The Hidden Villain Behind JVM Performance Issues
Tier1 app
 
Streamline Contractor Lifecycle- TECH EHS Solution
TECH EHS Solution
 
Hardware(Central Processing Unit ) CU and ALU
RizwanaKalsoom2
 
Ad

Leveraging the GitHub Ecosystem for Python Projects: From Hello World to Docker Deployment

  • 1. Leveraging GitHub Ecosystem for Python Projects: From Hello World to Docker Deployment Eoin Halpin, Tom Halpin 16/11/2024
  • 2. Agenda & Presenters 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 2
  • 3. Agenda Presenters Public Service Announcement DevOps and DevSecOps GitHub Support for DevSecOps Git Workflows and Actions Conclusions Q&A 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3
  • 4. Presenters Tom Halpin: DevSecOps Enablement. Help teams move to a DevOps model in support of product-aligned value streams. Facilitate adaption of the associated culture, practices, and tools in organizations. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 4 Eoin Halpin: Data Analyst - Project Management Member of Agile, customer-facing teams focused on delivering value to stakeholders. Help organizations and customers to gain valuable insights from data.
  • 5. Public Service Announcement 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 5
  • 6. Public Service Announcement This talk is not a Python Development talk. This talk is a Python DevSecOps talk which will cover using the GitHub eco- system to implement DevSecOps for a Python Application. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 6
  • 7. DevOps 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 7
  • 8. DevOps - Definition DevOps is a cultural movement that emphasizes collaboration between software development (Dev) and IT operations (Ops) teams. The goal being to • Shorten the software development lifecycle • Improve deployment frequency • Ensure high-quality software delivery through • Automation • Continuous Integration • Continuous delivery / Continuous Deployment • Rapid Feedback Loops 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 8
  • 9. DevOps – The Three Ways The three ways form a framework for achieving high performance and continuous improvement within organizations adopting DevOps. • The First Way - Principles of Flow: focuses on optimizing the flow of work from development to operations. This includes continuous delivery and integration, ensuring that code changes are released quickly and reliably. The aim is to minimize work in progress and reduce bottlenecks. • The Second Way - Principles of Feedback: emphasizes the importance of feedback loops at all stages of the development process. This includes automated testing, monitoring, and alerting to gain insights into system performance and user experience. The goal is to learn from failures and successes to improve the system continuously. • The Third Way - Principles of Continual Learning and Experimentation: encourages a culture of innovation, where teams are empowered to experiment and learn from failures. This involves creating a safe environment for risk-taking, allowing for the rapid iteration of processes and practices. The focus is on fostering collaboration, knowledge sharing, and adaptation. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 9
  • 10. DevOps – Infinity Loop 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 0
  • 11. DevSecOps - Definition DevSecOps - Is the practice of integrating security throughout the CI/CD process. It grew out of the DevOps movement and builds on the same foundational frameworks. - Focuses on “shifting security left” into active development instead of addressing it after code has been developed. - The objective being to strengthen security and compliance by addressing security concerns as they arise during the development process. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 1
  • 12. DevSecOps – Infinity Loop 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 2
  • 13. GitHub – DevSecOps Enablement 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 1 3
  • 14. GitHub – Workflows & Actions In the context of DevSecOps CI/CD • GitHub Workflows are automated processes that orchestrate various stages of software development, such as building, testing, and deploying applications. • These workflows utilize GitHub Actions, which are individual tasks that perform specific functions—like running tests, checking code quality, or deploying to production • Together they allow teams using GitHub to automate and streamline their continuous integration and continuous deployment pipelines, ensuring faster, more reliable and more secure software delivery. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 4
  • 15. The Application 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 1 5
  • 16. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 6 genai-musings - GitHub Organization
  • 17. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 7 chatting-with-ChatGPT - GitHub Repository
  • 18. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 8 chatting-with-ChatGPT - OpenAI Integration Hello World for the AI Age
  • 19. GitHub – Workflows / DevSecOps CI/CD 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 1 9 Plan No specific workflows. Code linter - (code quality) Spellcheck- (documentation quality) md-links - (checks for broken links in documentation) Build docker_build_push Release docker_build_push Deploy docker_push_readme (updating documentation) Operate No specific workflows. Monitor No specific workflows. Test test (unit/integration tests) coverage (code coverage analysis) bandit (SAST for Python code) codeql (SAST for code analysis) safety (SAST for dependency vulnerability checks) trivy (DAST for container image security scanning)
  • 20. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 0 chatting-with-ChatGPT – GitHub Workflows
  • 21. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 1 chatting-with-ChatGPT - test.yaml CI Test Workflow
  • 22. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 2 chatting-with-ChatGPT - safety.yaml CI SAST Workflow
  • 23. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 3 chatting-with-ChatGPT - docker-build-push.yaml CD Workflow
  • 24. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 4 chatting-with- ChatGPT - docker-build- push.yaml CD Workflow – DAST (Trivy)
  • 25. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 5 genai-musings - Template, Repo Template • Site - https://www.cyberdynesystems.ie • API – https://www.cyberdynesystems.ie/dev/api • API Key - https://www.cyberdynesystems.ie/dev/keys • GitHub Repository - https://github.com/genai-musings/template-repo- template • Docker Image - https://hub.docker.com/r/genaimusings/template-repo- template
  • 26. GitHub – DevSecOps - Workflow Outputs 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 2 6
  • 27. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 7 chatting-with-ChatGPT Actions
  • 28. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 8 chatting-with-ChatGPT - spellcheck.yaml CI Spell Check Workflow - Failure
  • 29. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 2 9 chatting-with-ChatGPT - test.yaml CI Unit Test Workflow - Failure
  • 30. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3 0 chatting-with-ChatGPT – docker-build-push.yaml CI Workflow – GitHub Action Node Module Depreciation Failure
  • 31. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3 1 chatting-with-ChatGPT - docker-build-push.yaml CD Workflow – DAST - Failure
  • 32. 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3 2 Docker Hub - genaimusings
  • 33. Conclusions 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 3 3
  • 34. Conclusions 1 6 / 1 1 / 2 0 2 4 P Y C O N I R E L A N D 2 0 2 4 3 4 This session highlighted the benefits of using the GitHub ecosystem for implementing DevSecOps and CI/CD practices for Python applications. Benefits highlighted included: • Streamlined Collaboration – through pull requests and code reviews. • Integrated SAST and DAST Security Practices – via GitHub Actions and Dependabot. • Automated Testing and Deployment – implemented using GitHub Actions speeds up delivery. • Visibility and Monitoring – insights provided into commit history, release management and deployment statuses. • Scalability and Flexibility - the support for an extensive range of integrations and tools tailored for Python applications that can be incorporated in CI/CD pipelines.
  • 35. Q&A & Thanks 8 / 0 5 / 2 0 X X P Y C O N I R E L A N D 2 0 2 4 3 5