Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 13 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

# 🚀 DevOps-OS

**Automate your entire DevOps lifecycle — from CI/CD pipelines to Kubernetes deployments and SRE dashboards — using a conversational AI assistant or a single CLI command.**
**Automate your entire DevOps lifecycle — from CI/CD pipelines to Kubernetes deployments, infrastructure hardening baselines, and SRE dashboards — using a conversational AI assistant or a single CLI command.**

[![CI](https://github.com/cloudengine-labs/devops_os/actions/workflows/ci.yml/badge.svg)](https://github.com/cloudengine-labs/devops_os/actions/workflows/ci.yml)
[![Sanity Tests](https://github.com/cloudengine-labs/devops_os/actions/workflows/sanity.yml/badge.svg)](https://github.com/cloudengine-labs/devops_os/actions/workflows/sanity.yml)
Expand All @@ -29,6 +29,7 @@ DevOps-OS is an open-source DevOps automation platform that scaffolds production
| 🚀 **CI/CD Generators** | One-command scaffolding for GitHub Actions, GitLab CI, and Jenkins pipelines |
| ☸️ **GitOps Config Generator** | Kubernetes manifests, ArgoCD Applications, and Flux CD Kustomizations |
| 📊 **SRE Config Generator** | Prometheus alert rules, Grafana dashboards, and SLO manifests |
| 🔐 **Infrastructure Hardening** | Generate Kyverno policies, InSpec profiles, Checkov checks, and compliance mappings for CIS, STIG, NSA/CISA, Pod Security Standards, and Essential Eight baselines |
| 🧪 **Unit Test Scaffold** | Generate pytest, Jest, Vitest, Mocha, or Go test configs with one command |
| 🤖 **MCP Server** | Plug DevOps-OS tools into Claude or ChatGPT as native AI skills |
| 🛠️ **Dev Container** | Pre-configured multi-language environment (Python · Java · Go · JavaScript) |
Expand Down Expand Up @@ -179,6 +180,9 @@ python -m cli.devopsos scaffold argocd --name my-app --method flux --repo https:
# SRE configs (Prometheus, Grafana, SLO) → sre/ directory
python -m cli.devopsos scaffold sre --name my-app --team platform --slo-target 99.9

# Infrastructure hardening baselines → hardening/ directory
python -m cli.devopsos scaffold hardening --standard cis-k8s --type kyverno --environment production

# Dev container configuration → .devcontainer/devcontainer.json + .devcontainer/devcontainer.env.json
python -m cli.devopsos scaffold devcontainer --languages python,go --cicd-tools docker,terraform --kubernetes-tools k9s,flux

Expand All @@ -195,7 +199,8 @@ python kubernetes/k8s-config-generator.py --name my-app --image ghcr.io/myorg/my

Use `python -m cli.devopsos scaffold --help` to list all available targets and `python -m cli.devopsos scaffold <target> --help` to see every option for a specific target.

> See [CLI Commands Reference](docs/CLI-COMMANDS-REFERENCE.md) for the full option tables and every default output path.
> See [CLI Commands Reference](docs/CLI-COMMANDS-REFERENCE.md) for the full option tables and every default output path.
> For hardening-specific standards, outputs, and examples, see [Infrastructure Hardening Sprint](docs/devops-os-hardening-sprint.md).

---

Expand Down Expand Up @@ -274,6 +279,10 @@ python -m cli.devopsos scaffold argocd --name my-app --method flux --repo https:
# ── SRE (Prometheus + Grafana + SLO) ──────────────────────────────────────
python -m cli.devopsos scaffold sre --name my-app --team platform --slo-target 99.9

# ── Infrastructure Hardening ───────────────────────────────────────────────
python -m cli.devopsos scaffold hardening --standard cis-k8s --type kyverno --environment production
python -m cli.devopsos scaffold hardening --standard all --output hardening

# ── Dev Container ──────────────────────────────────────────────────────────
python -m cli.devopsos scaffold devcontainer --languages python,go --cicd-tools docker,terraform

Expand Down Expand Up @@ -305,7 +314,7 @@ python -m cli.devopsos scaffold gha --help
devops_os/
├── .devcontainer/ # Dev container config (Dockerfile, devcontainer.json, setup scripts)
├── .github/workflows/ # CI, Sanity Tests, and GitHub Pages workflows
├── cli/ # CLI scaffold tools (scaffold_gha, gitlab, jenkins, argocd, sre, unittest, devopsos)
├── cli/ # CLI scaffold tools (gha, gitlab, jenkins, argocd, sre, hardening, unittest, devopsos)
├── kubernetes/ # Kubernetes manifest generator
├── mcp_server/ # MCP server for AI assistant integration (Claude, ChatGPT)
├── skills/ # Claude & OpenAI tool/function definitions
Expand Down Expand Up @@ -392,6 +401,7 @@ You can also customize `.devcontainer/devcontainer.env.json` directly to enable
| [🔧 Jenkins Pipeline Generator](docs/JENKINS-PIPELINE-README.md) | Generate and customize Jenkins pipelines |
| [🔄 ArgoCD / Flux GitOps](docs/ARGOCD-README.md) | Generate ArgoCD Applications and Flux Kustomizations |
| [📊 SRE Configuration](docs/SRE-CONFIGURATION-README.md) | Prometheus rules, Grafana dashboards, SLO manifests |
| [🔐 Infrastructure Hardening](docs/devops-os-hardening-sprint.md) | Standards, output layout, and CLI examples for the hardening scaffold |
| [🧪 Unit Test Scaffold](docs/CLI-COMMANDS-REFERENCE.md#devopsos-scaffold-unittest--unit-test-scaffold-generator) | Generate pytest, Jest, Vitest, Mocha, or Go test configs |
| [☸️ Kubernetes Deployments](docs/KUBERNETES-DEPLOYMENT-README.md) | Generate and manage Kubernetes deployment configs |
| [🤖 MCP Server](mcp_server/README.md) | Connect DevOps-OS tools to Claude or ChatGPT |
Expand Down
54 changes: 54 additions & 0 deletions cli/devopsos.py
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
import cli.scaffold_sre as scaffold_sre
import cli.scaffold_devcontainer as scaffold_devcontainer
import cli.scaffold_unittest as scaffold_unittest
import cli.scaffold_hardening as scaffold_hardening
import cli.process_first as process_first
from cli import __version__

Expand Down Expand Up @@ -628,6 +629,59 @@ def scaffold_unittest_cmd(
_run_scaffold(scaffold_unittest.main, flags)


# ── scaffold hardening ──────────────────────────────────────────────────────

@scaffold_app.command("hardening")
def scaffold_hardening_cmd(
ctx: typer.Context,
standard: str = typer.Option("all", envvar="DEVOPS_OS_HARDENING_STANDARD",
help=(
"Hardening standard: cis-k8s, stig-k8s, nsa-k8s, "
"cis-docker, cis-rhel9, cis-ubuntu22, pod-security, "
"image-signing, asvs-l1, essential-eight, all (default: all)"
)),
output_type: str = typer.Option("all", "--type", envvar="DEVOPS_OS_HARDENING_TYPE",
help="Output type: kyverno, inspec, checkov, all (default: all applicable)"),
output: str = typer.Option("hardening", "--output", envvar="DEVOPS_OS_HARDENING_OUTPUT",
help="Output directory (default: ./hardening/)"),
compliance_framework: str = typer.Option("", "--compliance-framework",
envvar="DEVOPS_OS_HARDENING_COMPLIANCE_FRAMEWORK",
help=(
"Tag outputs with compliance framework IDs "
"(pci-dss, hipaa, iso27001, rbi, nist-800-53, soc2)"
)),
severity: str = typer.Option("medium", envvar="DEVOPS_OS_HARDENING_SEVERITY",
help="Minimum severity level: critical, high, medium, low (default: medium)"),
environment: str = typer.Option("production", envvar="DEVOPS_OS_HARDENING_ENVIRONMENT",
help=(
"Target environment profile: dev, staging, production "
"(adjusts enforcement levels, default: production)"
)),
):
"""Generate infrastructure hardening configs (CIS, STIG, NSA, PSS, ASVS L1, Essential Eight).

\b
Examples:
devopsos scaffold hardening --standard cis-k8s --output hardening/
devopsos scaffold hardening --standard stig-k8s --output hardening/
devopsos scaffold hardening --standard cis-rhel9 --type inspec --output hardening/
devopsos scaffold hardening --standard all --type kyverno --output hardening/
devopsos scaffold hardening --standard asvs-l1 --output hardening/
devopsos scaffold hardening --standard cis-k8s --compliance-framework pci-dss --output hardening/
"""
_show_help_if_no_opts(ctx)
flags = [
"--standard", standard,
"--type", output_type,
"--output", output,
"--severity", severity,
"--environment", environment,
]
if compliance_framework:
flags += ["--compliance-framework", compliance_framework]
_run_scaffold(scaffold_hardening.main, flags)


@app.command()
def init(
directory: str = typer.Option(".", "--dir", help="Target directory in which the .devcontainer folder will be created (defaults to the current directory)"),
Expand Down
Loading