devsecops-platform / model / GOLDEN_PATH_CHECKLIST.md
refactor: merged structure - model at center, DevSecOps wrapped around it
9d4d5c7 verified

Microservice Golden Path Checklist

Pre-Deployment

  • Service name follows naming convention: lowercase-hyphenated
  • Dockerfile uses multi-stage build + distroless base
  • Image is signed with Cosign
  • SBOM is generated and attested
  • All security scans pass (Trivy, Semgrep, Checkov)
  • Health endpoints: /healthz (liveness) + /readyz (readiness)
  • Graceful shutdown handles SIGTERM

Kubernetes

  • Resource requests AND limits defined
  • runAsNonRoot: true + readOnlyRootFilesystem: true
  • capabilities.drop: ["ALL"]
  • Probes configured (liveness + readiness)
  • PDB created (minAvailable >= 2)
  • HPA configured
  • NetworkPolicy: default deny + selective allow
  • Secrets from External Secrets Operator (not hardcoded)
  • automountServiceAccountToken: false (unless needed)
  • TopologySpreadConstraints for multi-AZ
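The Kubernetes items above that live inside a single Deployment can be checked mechanically before the manifest reaches ArgoCD. The check below is an added example, not code from the devsecops-platform repo: it walks a Deployment dict (the shape yaml.safe_load returns), here a constructed sample with a placeholder image digest, and reports every pod-level item it violates. Cluster-level items (PDB, HPA, NetworkPolicy, TopologySpreadConstraints, External Secrets) need separate objects and are out of scope here.

```python
# Constructed sample Deployment (already parsed, as yaml.safe_load would return it)
# that satisfies the Kubernetes items of the checklist. Image digest is a placeholder.
GOLDEN_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "payment-api"},
    "spec": {"template": {"spec": {
        "automountServiceAccountToken": False,
        "containers": [{
            "name": "payment-api",
            "image": "registry.example.com/payment-api@sha256:PLACEHOLDER_DIGEST",
            "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                          "limits": {"cpu": "500m", "memory": "256Mi"}},
            "securityContext": {"runAsNonRoot": True, "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
            "readinessProbe": {"httpGet": {"path": "/readyz", "port": 8080}},
        }],
    }}},
}


def check_deployment(manifest):
    """Return the checklist violations found in a Deployment dict (empty = conforms)."""
    findings = []
    pod = manifest["spec"]["template"]["spec"]
    # automountServiceAccountToken: false unless the workload really needs the API.
    if pod.get("automountServiceAccountToken") is not False:
        findings.append("pod: automountServiceAccountToken should be false")
    for c in pod.get("containers", []):
        name = c.get("name", "<unnamed>")
        res = c.get("resources", {})
        for kind in ("requests", "limits"):          # requests AND limits, cpu + memory
            for key in ("cpu", "memory"):
                if key not in res.get(kind, {}):
                    findings.append(f"{name}: resources.{kind}.{key} missing")
        sc = c.get("securityContext", {})
        if sc.get("runAsNonRoot") is not True:
            findings.append(f"{name}: runAsNonRoot must be true")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem must be true")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities.drop must include ALL")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: {probe} missing")
    return findings
```

A non-empty return value is the signal to fail the pipeline stage; the same checks translate directly into an admission policy if the cluster enforces them at deploy time.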

Observability

  • Prometheus metrics endpoint exposed
  • Structured JSON logging
  • OpenTelemetry traces emitted
  • Dashboard exists in Grafana
  • Alert rules defined in Prometheus

CI/CD

  • DevSecOps pipeline passes (SAST + scan + sign + test)
  • ArgoCD application manifest created
  • Kustomize overlay for each environment