It is finally time to look at what we are building at Operous and how our approach has some neat ideas.
First of all, our primary entity for the product is a server. It doesn’t matter where the server is or which type it might be: physical or virtual, on-premise or public cloud instance, if it is reachable over the Internet, we will support it.
We need servers for almost everything, including running containers. There are millions of servers in the world, and that number is not slowing down anytime soon.
Whereas servers are a solution, they might also be part of the problem, especially if you are a small team with minimal experience and limited resources and knowledge about adequately taking care of them.
That's where Operous kicks-in to power-up your development team!
Operous basic usage
The first thing you need to do is to register your server. We made this step easy and fast, using an approach very familiar even for inexperienced people
That's it! It is just a single command that you copy and paste, and the registration phase ends. You can integrate our installer into your provisioning workflow or configuration management tool. We will provide samples and documentation for that.
After the server is registered, Operous will test it and quickly report possible improvements regarding configuration, performance, and security.
All communication between our product and your servers is strongly encrypted using SSH. We are using a key rotation method that will be detailed soon if that is important to you.
A test is the smallest unit used to identify and verify the state of a given configuration. Once Operous executes a given test, it should result in a pass or fail condition.
We are developing many tests for various purposes, like operating system configuration, Kubernetes, Docker, Elastic stack, security policies, security hardening, etc.
A report contains the result of the execution of the tests on a server. This report contains actionable information and code samples for your team to fix all the issues Operous detected.
CI/CD integration
Although you can use Operous' interface to manage the execution of the tests on your servers, the primary operation mode is integrated with your application CI/CD workflow at a pre or post-deployment stage.
So not only is your application tested in a CI/CD workflow, but tests run on your servers as well in the same workflow.
Our first integration will be with GitHub Actions, and we will publish an Action on the GitHub Marketplace.
name: Test Production Environment
on: deployment_status
jobs:
scan:
runs-on: ubuntu-latest
name: Test Production Servers
steps:
- name: Test App Server
uses: operous/runner@master
if: github.event.deployment_status.state == 'success'
with:
api_token: ${{ secrets.OPEROUS_API_TOKEN }}
server_name: web01
profiles:
- linux-baseline
- ssh
- nginx
- name: Test Database Server
uses: operous/runner@master
with:
api_token: ${{ secrets.OPEROUS_API_TOKEN }}
server_name: db
profiles:
- linux-baseline
- ssh
- postgresql
Want to be the first to use Operous? Subscribe to the mailing list to receive product updates and join the beta!
Know more about Operous and how it can help hardening SSH servers with the vulnerability scanner
Top comments (0)