DevSecOps Finest Practices– Building an E-Commerce Application on Alibaba Cloud

In this post, we will check out the idea of DevSecOps and talk about how we can apply its principles by constructing an e-commerce application on Alibaba Cloud.Gartner anticipates that,”By 2019, more than 70%of enterprise DevSecOps initiatives will have integrated automatic security vulnerability and configuration scanning for open-source parts and industrial packages, up from less than 10%in 2016. By 2021, DevSecOps practices will be embedded in 80%of fast advancement teams, up from 15%in 2017.”Recently, we can see a shift in the maturity model of software development life process(SDLC

)from Waterfall to Agile, and a huge culture shift to DevOps. Continuous integration, continuous implementation, and constant shipment are now required for software development. One significant element that lots of developers tend to ignore in DevOps is security. Integrating security at every phase of DevOps lifecycles is a necessary aspect to DevSecOps.What Is DevSecOps?DevSecOps is a software development principle or mindset that aims at unifying development, operations, and security as a single process

in SDLC. In easy terms, DevSecOps is quite like DevOps however with an added emphasis on security. In the process of executing DevSecOps, there is also a requirement for DevOps tools, microservices, containers, automation, APIs, and testing tools.Source: Annotated DevSecOps Cycle, Larry Maccherone.Let’s go over a five-step process to successfully implement DevSecOps: Step 1: Start With DevOps and Shift Left In software advancement, the idea of moving left

moves tasks, such as testing, previously in the cycle

so that these jobs occur in parallel with advancement activities.The brand-new application landscape

is an opportunity to integrate security steps previously in

  1. the development process to enhance the security of the code that reaches production.Integration of SAST, DAST, Penetration Evaluating with Vulnerabilities is important.Step 2: Embrace Microservices We require to build application much faster so we require a microservices architecture.With microservices, large and complicated systems are decoupled into simple, independent tasks. This brings dexterity and positioning with the overall company and helps the designer make modifications to the code instantly for the customers.Step 3: Use Containers as Part of the DevSecOps Lifecycle Software containers accelerate development by enabling applications to be broken
    1. down into microservices.Containers hold packaged pieces of software that consist of all the elements(the software application, system libraries, and file system) required to run the service. This can enhance the quality of testing and reduce the complexity of integration and deployment.Step 4: Build Software Application Code With Automation aims to not just enhance the software development system however also fill in the loopholes developed by

      1. manual efforts in the software advancement model.Organizations can adopt automation to tackle frequent regression testing models and seek to speed up the delivery process.Developers will discover automation a blessing when working on microservices architecture or when working on incredibly large projects.Step 5: Integrate API Gateway An API entrance develops a single entry point for all demands originating from clients. This insulates the clients from

      being problem by comprehending how an application

      1. might be separated into microservices. This likewise enables customers to retrieve information from multiple services with only one request.DevSecOps on Alibaba Cloud Alibaba Cloud uses an integrated bundle to achieve DevSecOps: Alibaba Cloud Container Service provides support for Kubernetes clusters.Using the application implementation ability of Alibaba Cloud Resource Orchestration
      2. Service(ROS ), users can create an extremely available and secure Kubernetes cluster with one click by utilizing ROS templates.The Kubernetes cluster consolidates Alibaba Cloud’s storage, network, virtualization, and security capabilities to provide a high-performance application management that simplifies cluster production and expansion.Kubernetes deployed on Alibaba Cloud facilitates release, growth, and management of containerized applications It further concentrates on containerized management and application advancement, and comes with the following features: Flexible expansion and self-reparation. Service discovery and server load balancing.Service publication and rollback.Secrets and configuration management.The solution architecture of the services from Alibaba Cloud is shown below.The container option architecture discussed above acts as a microservice for software
      3. advancement. A Kubernetes cluster provides excellent assistance for microservice operations, so you can focus on the advancement and version of application.Splitting a huge app into a collection of microservices permits nimble development, screening, deployment, and O&M. Microservices are also simple to understand, establish, and preserve. Additionally, the complimentary structure and technical options promote efficient communication within teams.Additionally, Alibaba microservices have the following features: Lightweight deployment Streamlined container management Low impact on other services As a last step, Alibaba Cloud provides the automation required
      4. to execute the DevSecOps.Alibaba Cloud provides supports Packer and Terraform for core product packaging and infrastructure provisioning. These tools allow users to quickly release their infrastructure and application on Alibaba Cloud. Enterprise company’s
      5. rapid version of applications and infrastructure along with continuous development guarantee boosted

      operations and minimize maintenance costs.Furthermore, Alibaba Cloud supplies a set of

      flexible services created to help clients to quickly and dependably construct and deliver items using Alibaba Cloud and DevOps practices. With the assistance of Terraform and Packer, Alibaba Cloud customers can have impactful workflows to handle their worldwide infrastructure.Subsequently, users can conserve time and focus on delivering business-critical requirements. Packer users can quickly build and configure personalized images on Alibaba Cloud utilizing the same workflow and configuration as utilized for managing images on other platforms. Terraform users can provision calculate, network, and storage resources on Alibaba Cloud using similar workflow and setup as they would when handling

      1. facilities on other clouds.Building an E-Commerce Portal Using DevSecOps Based on the architecture discussed above, I have assisted a

      customer host an e-commerce website using this platform. The e-commerce portal is geared up with simple functionalities, focusing mainly on electronic products– mobile phones, laptop computers, tablets, house automation products, and cameras.The shop has the minimum functions listed below: Order-Level Data FSN ID: The special identification of each SKU Order Date: Date on which the order was put Order ID: The distinct identification number of each order Order item ID: Suppose you order 2 various items under the very same order, it produces 2 various order Product IDs under the

      very same order ID; orders are tracked by the Order Product ID.GMV: Gross Product Worth or Profits Systems: Variety of systems of the specific item sold Order payment type: How the order was paid– prepaid or cash on delivery SLA: Variety of days it generally requires to provide the product Cust id: Unique identification of a consumer Product MRP: Maximum retail price

      of the product Item procurement SLA: Time normally taken to obtain the item Innovation Stack A Linux or Windows machine JDK 8 or later Apache Maven 3 or later Eclipse or other code editor of your choice Spring MVC 4.2.5 Hibernate 5.x Database: Oracle, Mysql, SQL Server, RDS Solution Architecture of the E-Commerce Platform How to Carry out the Solution with DevSecOps Construct the shop modules utilizing Java and JDK. This includes Order Management, Shop Management, Customer management, Payment module, and Consumer service.Shift left in constant shipment. This is done by integrating security options to the modules, consisting of including WAF, anti-fraud, Server Guard, security testing, and CloudMonitor.Enable the microservices architecture in the above 2 steps. This makes the portal scalable and brings agility and alignment to business. With this solution, you can make changes to the code immediately for customers.Integrate flexible computing in the cloud release utilizing Server Load Balancer, Car Scaling and Elastic Compute Service (ECS

      1. ). We utilized containers as a part of DevOps lifecycle. Containers hold packaged pieces of software application which contain all the components (the software, system libraries, and file system)required to run the service. We utilized Vehicle Scaling to get used to the need of the client spike during peak shopping season.Also as a part of Advancement lifecycle, you can utilize Message Service to aid with automation.
      2. Message Service is beneficial for normal large-scale, high-reliability, high-concurrency software application code automation.Integrate item storage and also the backend with APIs. You’ll likewise require databases to process massive volumes of images and transcoding abilities for image processing, and handling audio and video content.Merge CDN with the lifecycles to accelerate content shipment for
      3. end users.Once you finish the 7 steps above, you’ll need to maintain the operations of the lifecycle with Cloud Monitor.Hosting the E-Commerce Portal There are numerous readily available ways for you to host your e-commerce portal. For my option

        • , I have actually chosen the web hosting service

        • by Alibaba Cloud

        • . Alibaba Cloud Webhosting

        • is a versatile and user friendly item that enables

        • you to build or transfer a site

          utilizing FTP. It supports

        • a wide range of web home builders and is ideal for

        all kinds of applications, from personal blog sites to e-commerce sites. All you require to do is select

        1. your favored plan and log in to the Alibaba Cloud Management Console.As the next action, we require to obtain FTP credentials.
        2. On your console, browse to the Webhosting section under the Domains & Sites. Go to File management and select upload website. On the Upload Website page, you can get the qualifications for the FTP or reset the password for the FTP login.Once this is completed then we can now handle our web files using an FTP customer. We will be utilizing Filezilla as our FTP customer. We require to open Filezilla and enter the Hostname, Username, and Password acquired from the Web Hosting management console to enable a fast connect.Upload your codebase in the htdocs folder. Then, you’ll need to bind a domain to the Alibaba Cloud Server. We have to check out the console and click on Add-on Domains on the left-hand panel. Then enter the domain to bind it with the test domain name by clicking OK. Deal with the domain to *.aliwebs.com using CNAME. Strike the domain name and you will be able to see the site homepage.Reference Microservices We later integrated the entire solution using Kubernetes and automated deployment. The architecture is very flexible and enables integration with microservices. I have used a couple of open-source microservices such as Hystrix and Mayhem Monkey.I have actually also added a standard cryptocurrency wallet and the APIs for cryptocurrency API integration utilizing blockcypher.Conclusion We have shown the ability to produce an e-commerce application with crypto-wallet combination utilizing DevSecOps principles on Alibaba Cloud. This platform also makes use of constant deployment and automation using DevOps.Because continuous combination and continuous implementation

        (CI/CD)are core functions of DevOps, it is clear that automation is a considerable factor to the whole DevOps design. Automation aims to

        not just improve the software application advancement system however likewise fill in the loopholes developed by manual efforts in the software application advancement model. Organizations can embrace automation to take on regular regression screening models and look for to speed up the shipment process.Additionally, designers will find automation a true blessing when working on microservices architecture. Lastly, with SecOps, security functions such as OAuth are likewise incorporated into the platform.