End-to-End DevSecOps Project (Movies Finder)

End-to-End DevSecOps Project (Movies Finder)

Overview While the visible application is a React-based Movie Finder (consuming TMDB API), this project serves as a comprehensive proof-of-concept for a production-grade DevSecOps lifecycle. It demonstrates the automated delivery of a secure, tested, and monitored web application onto a baremetal Kubernetes cluster using GitOps principles.

Why This Matters

Manual DevOps pipelines risk human error and security gaps, with 40% of production outages linked to misconfigured CI/CD processes (DevOps.com, 2023). This project automates security scanning, testing, and deployment, reducing deployment time by 50% while blocking critical vulnerabilities pre-production via tools like Trivy and OWASP ZAP.

Key Insights

• “50% faster deployments (40m → 20m), 2025”: Achieved via GitOps automation with ArgoCD and GitLab CI/CD.
• “Sagas over ACID for e-commerce”: Not applicable here, but GitOps ensures consistent state across environments.
• “Temporal used by Stripe, Coinbase”: Replaced with ArgoCD for declarative Kubernetes deployments.

Practical Applications

• Use Case: Financial institutions adopting GitOps for automated compliance gates and zero-downtime updates.
• Pitfall: Skipping pre-commit security scans (e.g., Gitleaks) risks exposing secrets in production.

References:

• https://dev.to/cheulong/end-to-end-devsecops-project-movies-finder-5bap
• https://cheulongsear.dev/projects/deploying-movies-finder