arkavo-org/devsecops

DevSecOps

DevSecOps LangGraph

Introduction

This repository is an amalgamation of best-in-class tools in Security and AI, arranged to work together with minimum configuration. In practice, it serves as the entire backend for the Arkavo forum.

Components of this repo include

  • Ollama - The best-in-class open-source LLM management solution
  • Keycloak - The best-in-class open-source identity and auth solution
  • OpenTDF - The best-in-class Attribute-Based Access Control (ABAC) addendum to Keycloak
  • Org - Handles needs of organizations using Arkavo forum - Events, Communications, Permissions
  • Nginx-Proxy - Serves the other services as HTTPS
  • AICouncil - Recommends improvements to this repo in real time

System Diagram

Architecture

System Diagram - Mermaid

graph LR
    %% Define components
    Keycloak["Keycloak+DB"]
    OpenTDF["OpenTDF+DB"]
    OrgBackend["Org-Backend"]
    ReactFrontend["React-Frontend"]

    %% Connections with labels
    OpenTDF -->|Authenticates with| Keycloak
    OrgBackend -->|Authenticates with| Keycloak
    ReactFrontend -->|Authenticates with| Keycloak
    ReactFrontend -->|Interacts with| OpenTDF
    ReactFrontend -->|Interacts with| OrgBackend

AICouncil

Tools are included to enforce OWASP best practices, run continuous AI-driven penetration testing, and provide implementation feedback on request. An AI Council engages in consistent dialogue about the "main" and "dev" branches and may make pull requests according to Robert's Rules of Order following in vivo testing.

Prerequisites

Setup

.env

ANTHROPIC_API_KEY=abc
GITLAB_URL=http://gitlab.localhost
GITLAB_REPOSITORY=def
OPENBAO_URL=http://gitlab.localhost:8020
OPENBAO_TOKEN=ghi

Ollama

ollama pull llama3.2
ollama pull deepseek-coder-v2

LangGraph

uv add langgraph langsmith langchain_anthropic

Tools

uv add langchain_community duckduckgo-search langchain-ollama python-gitlab docker

Patch

uv add urllib3==1.26.5
uv add langgraph==0.2.50

GitLab CE Docker Setup

This guide helps you set up GitLab Community Edition using Docker Compose on Colima.

Prerequisites

  • Colima installed and running
  • Docker and Docker Compose installed
  • At least 4GB of RAM allocated to Colima
  • At least 50GB of disk space

Setup Steps

  1. Start Colima with sufficient resources:
colima start --cpu 4 --memory 8 --disk 50
  2. Add the GitLab hostname to your hosts file (the redirection must run as root, so pipe through sudo tee rather than using sudo echo):
echo "127.0.0.1 gitlab.localhost" | sudo tee -a /etc/hosts
  3. Start GitLab:
docker-compose up
  4. Retrieve the initial root password:
docker-compose exec gitlab grep 'Password:' /etc/gitlab/initial_root_password

First-time Access

  1. Wait for GitLab to start (this may take a few minutes)
  2. Access GitLab at http://gitlab.localhost
  3. The first time you visit, you'll be asked to set a password for the root user
  4. Default username is root

Important Notes

  • Initial startup may take 5-10 minutes
  • The first password you set will be for the root user
  • SSH is available on port 2224
  • HTTP is available on port 80
  • HTTPS is available on port 443

Maintenance Commands

Stop GitLab:

docker compose down

Backup GitLab:

docker compose exec gitlab gitlab-backup create

View logs:

docker compose logs -f gitlab

System Requirements

Minimum recommended specifications for production use:

  • CPU: 4 cores
  • RAM: 8GB
  • Storage: 50GB

Troubleshooting

If GitLab fails to start:

  1. Check logs: docker compose logs -f gitlab
  2. Ensure sufficient system resources
  3. Verify all ports are available
  4. Check file permissions in mounted volumes

For persistent permission issues:

sudo chown -R 998:998 gitlab/

Graph

graph TD
    %% Current System Structure

    START((START))
    haiku[haiku]
    llama[llama]
    deepseek[deepseek]
    tools[tools]
    gitlab[gitlab]
    secrets[secrets]
    END((END))

    %% Styling
    classDef default fill:#bbf,stroke:#333,stroke-width:1px;
    classDef router fill:#f9f,stroke:#333,stroke-width:2px;
    classDef eend fill:#f96,stroke:#333,stroke-width:2px;
    classDef sstart fill:#9f9,stroke:#333,stroke-width:2px;

    class START sstart;
    class END eend;
    class haiku,llama,deepseek,tools,gitlab,secrets default;