diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..dbba498
Binary files /dev/null and b/.DS_Store differ
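Review bot: `.DS_Store` is a macOS Finder metadata file and should not be part of this commit. It records the names of entries in the directory it was created in, which is avoidable disclosure in a public repository and adds binary churn to every later diff. Remove it from the commit and add a `.DS_Store` line to `.gitignore`; no `.gitignore` change is visible in this diff, so confirm whether one already exists.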
diff --git a/.github/workflows/pages.yml b/.github/workflows/jekyll.yml
similarity index 73%
rename from .github/workflows/pages.yml
rename to .github/workflows/jekyll.yml
index 6564156..61f2d80 100644
--- a/.github/workflows/pages.yml
+++ b/.github/workflows/jekyll.yml
@@ -7,6 +7,7 @@
name: Deploy Jekyll site to Pages
on:
+ # Runs on pushes targeting the default branch
push:
branches: ["main"]
@@ -19,10 +20,11 @@ permissions:
pages: write
id-token: write
-# Allow one concurrent deployment
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: "pages"
- cancel-in-progress: true
+ cancel-in-progress: false
jobs:
# Build job
@@ -30,16 +32,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Setup Ruby
- uses: ruby/setup-ruby@v1
+ # https://github.com/ruby/setup-ruby/releases/tag/v1.207.0
+ uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4
with:
ruby-version: '3.1' # Not needed with a .ruby-version file
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
cache-version: 0 # Increment this number if you need to re-download cached gems
- name: Setup Pages
id: pages
- uses: actions/configure-pages@v3
+ uses: actions/configure-pages@v5
- name: Build with Jekyll
# Outputs to the './_site' directory by default
run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
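Review bot: Only `ruby/setup-ruby` is pinned to a full commit SHA in this hunk. `actions/checkout@v4` and `actions/configure-pages@v5` here, and `actions/upload-pages-artifact@v3` and `actions/deploy-pages@v4` in the two hunks that follow, still reference mutable major-version tags. The workflow holds `pages: write` and `id-token: write` (context lines of the previous hunk), so an action whose tag is moved would run with those permissions. Pin each one the same way as the Ruby step, with the version in a comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder; take the SHA from the action's release page). The steps list starts and ends outside this hunk.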
@@ -47,7 +50,7 @@ jobs:
JEKYLL_ENV: production
- name: Upload artifact
# Automatically uploads an artifact from the './_site' directory by default
- uses: actions/upload-pages-artifact@v1
+ uses: actions/upload-pages-artifact@v3
# Deployment job
deploy:
@@ -59,4 +62,4 @@ jobs:
steps:
- name: Deploy to GitHub Pages
id: deployment
- uses: actions/deploy-pages@v2
+ uses: actions/deploy-pages@v4
diff --git a/Gemfile b/Gemfile
index d5810e3..e82b3ad 100644
--- a/Gemfile
+++ b/Gemfile
@@ -5,3 +5,8 @@ gem "jekyll", "~> 4.3.3" # installed by `gem jekyll`
gem "just-the-docs", "0.8.1" # pinned to the current release
# gem "just-the-docs" # always download the latest release
+
+gem "csv"
+gem "base64"
+gem "logger"
+gem "bigdecimal"
\ No newline at end of file
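Review bot: The four added gems carry no comment and no version constraint, while both entries above them are annotated and constrained. Presumably they are declared because newer Ruby releases stop shipping them as default gems; a line such as `# standard-library gems that newer Rubies no longer load by default` above `gem "csv"` would record that. Constraints such as `gem "csv", "~> 3.3"` would keep a future `bundle update` within the versions resolved in Gemfile.lock. The file also now ends without a trailing newline.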
diff --git a/Gemfile.lock b/Gemfile.lock
index 8a36229..f30c68b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -3,8 +3,11 @@ GEM
specs:
addressable (2.8.6)
public_suffix (>= 2.0.2, < 6.0)
+ base64 (0.2.0)
+ bigdecimal (3.1.9)
colorator (1.1.0)
concurrent-ruby (1.2.2)
+ csv (3.3.3)
em-websocket (0.5.3)
eventmachine (>= 0.12.9)
http_parser.rb (~> 0)
@@ -12,6 +15,8 @@ GEM
ffi (1.16.3)
forwardable-extended (2.6.0)
google-protobuf (3.25.1)
+ google-protobuf (3.25.1-arm64-darwin)
+ google-protobuf (3.25.1-x86_64-darwin)
http_parser.rb (0.8.0)
i18n (1.14.1)
concurrent-ruby (~> 1.0)
@@ -52,6 +57,7 @@ GEM
listen (3.8.0)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
+ logger (1.7.0)
mercenary (0.4.0)
pathutil (0.16.2)
forwardable-extended (~> 2.6)
@@ -63,8 +69,13 @@ GEM
rexml (3.2.6)
rouge (4.2.0)
safe_yaml (1.0.5)
+ sass-embedded (1.69.5)
+ google-protobuf (~> 3.23)
+ rake (>= 13.0.0)
sass-embedded (1.69.5-arm64-darwin)
google-protobuf (~> 3.23)
+ sass-embedded (1.69.5-x64-mingw-ucrt)
+ google-protobuf (~> 3.23)
sass-embedded (1.69.5-x86_64-darwin)
google-protobuf (~> 3.23)
sass-embedded (1.69.5-x86_64-linux-gnu)
@@ -76,12 +87,20 @@ GEM
PLATFORMS
arm64-darwin-23
+ arm64-darwin-24
+ ruby
+ x64-mingw-ucrt
+ x86_64-darwin-22
x86_64-darwin-23
x86_64-linux
DEPENDENCIES
+ base64
+ bigdecimal
+ csv
jekyll (~> 4.3.3)
just-the-docs (= 0.8.1)
+ logger
BUNDLED WITH
- 2.3.26
+ 2.6.7
diff --git a/README.md b/README.md
index c881fb2..0370968 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,124 @@
-# open-devsecops Website
\ No newline at end of file
+
+[![contributors][contributors-shield]][contributors-url]
+[![commits][commits-shield]][commits-url]
+
+
+
+
+
+ Katie Shi - LinkedIn - katieshi413@gmail.com
+Emily Choi - LinkedIn - eemilychoi@gmail.com
+Jocelyn Margarones - LinkedIn - jsmargarones@gmail.com
+Mor Vered - LinkedIn - mvered9@gmail.com
+Mira Nair - LinkedIn - miranair004@gmail.com
+ + + + +[contributors-shield]: https://img.shields.io/github/contributors/katieshi413/open-devsecops.github.io?style=for-the-badge&color=rgb(68%2C%20204%2C%2017) +[contributors-url]: https://github.com/katieshi413/open-devsecops.github.io/graphs/contributors +[commits-shield]: https://img.shields.io/github/commit-activity/t/katieshi413/open-devsecops.github.io?style=for-the-badge +[commits-url]: https://github.com/katieshi413/open-devsecops.github.io/commits/main/ +[Jekyll]: https://img.shields.io/static/v1?style=for-the-badge&message=Jekyll&color=CC0000&logo=Jekyll&logoColor=FFFFFF&label= +[Jekyll-url]: https://jekyllrb.com/ +[Ruby]: https://img.shields.io/badge/Ruby-CC342D?logo=Ruby&logoColor=white +[Ruby-url]: https://www.ruby-lang.org/en/ +[Markdown]: https://img.shields.io/badge/markdown-%23000000.svg?style=for-the-badge&logo=markdown&logoColor=white +[Markdown-url]: https://www.markdownguide.org/ diff --git a/_config.yml b/_config.yml index a66183b..0e8a76c 100644 --- a/_config.yml +++ b/_config.yml @@ -2,12 +2,18 @@ title: open-devsecops description: 'From Classroom to Industry: Bridging the DevSecOps Knowledge Gap with Open, Practical Learning.' theme: just-the-docs -logo: "/assets/images/opendevsecops-transparent.png" -favicon_ico: "/assets/images/opendevsecops-favicon.ico" +logo: "/assets/images/2.0logobig.png" +favicon_ico: "/assets/images/2.0logobig.png" -url: https://open-devsecops.github.io +# url: https://open-devsecops.github.io +url: "https://katieshi413.github.io" +baseurl: "/open-devsecops.github.io" search_enabled: false +include: + - assets/js/quiz.js + - assets/js/quiz-reset.js + aux_links: Github: https://github.com/open-devsecops Contribute: https://github.com/open-devsecops/open-devsecops.github.io @@ -24,4 +30,8 @@ callouts: color: blue lab: title: Access The Lab - color: purple \ No newline at end of file + color: purple + +sass: + sass_dir: _sass + style: compressed 
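Review bot: In the first `_config.yml` hunk, `url` now points at a personal fork (`https://katieshi413.github.io`) with a fork-specific `baseurl`, and the project's own `url` is left commented out. If this lands on the canonical repository, every absolute link Jekyll derives from `site.url` would point at a host the project does not control. The Pages workflow in this same commit already passes `--baseurl "${{ steps.pages.outputs.base_path }}"` at build time, so the fork values do not need to be committed. Keep `url: "https://open-devsecops.github.io"` and drop the `baseurl` line, or move the fork settings into a separate override file passed with `--config`.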
diff --git a/_data/quizzes/topic1/chapter1.yml b/_data/quizzes/topic1/chapter1.yml
new file mode 100644
index 0000000..f58574a
--- /dev/null
+++ b/_data/quizzes/topic1/chapter1.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "What is the primary purpose of the Software Development Life Cycle (SDLC)?"
+ options:
+ - "To design user interfaces for software applications"
+ - "To manage and structure software development and maintenance through distinct phases"
+ - "To write code in a specific programming language"
+ - "To automate deployment using CI/CD tools"
+ correct_index: 1
+ explanation: "The SDLC is a structured process that helps manage and guide software development and maintenance through specific phases."
+
+ - prompt: "Which of the following is NOT one of the phases in the traditional SDLC?"
+ options:
+ - "Design"
+ - "Test"
+ - "Automate"
+ - "Deploy"
+ correct_index: 2
+ explanation: "Automate is not a standard SDLC phase; the typical phases include Planning, Design, Implement, Test, Deploy, and Maintain."
+
+ - prompt: "True or False: The Maintain phase in SDLC focuses on releasing software into production."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "The Deploy phase handles release into production, while the Maintain phase involves ongoing updates and support."
+
+ - prompt: "What is a key benefit of following a structured SDLC process?"
+ options:
+ - "Faster typing speed for developers"
+ - "Reduces testing requirements"
+ - "Ensures secure and reliable software delivery"
+ - "Eliminates the need for project planning"
+ correct_index: 2
+ explanation: "One of the main benefits of SDLC is enabling faster, more secure, and reliable delivery of software through structured processes."
+
+ - prompt: "Which SDLC methodology is best suited for projects with fixed, well-defined requirements?"
+ options:
+ - "Waterfall"
+ - "Agile"
+ - "Scrum"
+ - "Iterative"
+ correct_index: 0
+ explanation: "Waterfall is ideal for projects where requirements are fixed and unlikely to change."
diff --git a/_data/quizzes/topic1/chapter2.yml b/_data/quizzes/topic1/chapter2.yml
new file mode 100644
index 0000000..22a2017
--- /dev/null
+++ b/_data/quizzes/topic1/chapter2.yml
@@ -0,0 +1,41 @@
+questions:
+ - prompt: "What is one key issue that arises when development and operations teams work in isolation?"
+ options:
+ - "Decreased development speed"
+ - "Better coordination between teams"
+ - "Conflicting goals and communication gaps"
+ - "More secure deployment pipelines"
+ correct_index: 2
+ explanation: "Isolated Dev and Ops teams often face communication gaps and misaligned objectives, leading to inefficiencies."
+
+ - prompt: "True or False: Manual testing and deployment processes often result in slower release cycles and delayed feedback."
+ options:
+ - "True"
+ - "False"
+ correct_index: 0
+ explanation: "Manual processes slow down software delivery, making it harder to respond quickly to feedback."
+
+ - prompt: "Which of the following best explains the 'But it works on my machine' syndrome?"
+ options:
+ - "A feature passes QA but fails in production due to network issues"
+ - "Code behaves inconsistently across environments due to configuration mismatches"
+ - "A user reports a bug that developers can’t reproduce"
+ - "Developers forget to merge the correct branch"
+ correct_index: 1
+ explanation: "Environment inconsistencies lead to unexpected behavior that doesn't match the developer’s local setup."
+
+ - prompt: "Fill in the blank: Manual infrastructure scaling increases the risk of __________ due to human error and slow responsiveness."
+ options:
+ - "Bugs"
+ - "Data corruption"
+ - "Deployment automation"
+ - "System instability"
+ correct_index: 3
+ explanation: "Manual processes are more prone to mistakes and can't respond quickly to load changes, causing instability."
+
+ - prompt: "True or False: DevOps is only about automation tools and does not affect team culture or communication."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "DevOps promotes collaboration and culture change, not just tool adoption."
\ No newline at end of file
diff --git a/_data/quizzes/topic2/chapter1.yml b/_data/quizzes/topic2/chapter1.yml
new file mode 100644
index 0000000..2740540
--- /dev/null
+++ b/_data/quizzes/topic2/chapter1.yml
@@ -0,0 +1,44 @@
+questions:
+ - prompt: "What is the primary purpose of version control in software development?"
+ options:
+ - "It prevents unauthorized users from editing a file."
+ - "It allows developers to track changes, collaborate, and revert to previous versions of files if necessary."
+ - "It automates the process of building software from source code."
+ - "It helps manage user authentication systems in a project."
+ correct_index: 1
+ explanation: "Version control allows developers to track changes, collaborate, and revert to previous versions of files if necessary. This helps maintain a history of changes and prevents conflicts when working collaboratively."
+
+ - prompt: "What is one of the key advantages of using version control in the scenario where Armine and Tigran are working on the same project?"
+ options:
+ - "Version control allows them to share the same file without needing to merge their changes."
+ - "It ensures that both of their changes are automatically merged, without requiring them to review the changes."
+ - "It enables them to track their changes independently and merge their updates later, preventing conflicts."
+ - "It prevents them from making any changes to each other's files."
+ correct_index: 2
+ explanation: "Version control enables Armine and Tigran to track their changes independently and merge their updates later, preventing conflicts. This process is essential when multiple developers are working on the same codebase."
+
+ - prompt: "True or False: Version control systems, like GitHub, prevent all types of conflicts between developers working on the same project by automatically merging all changes."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "False. Version control systems help manage changes and alert developers to conflicts, but they do not automatically merge all changes. Developers must manually resolve conflicts."
+
+ - prompt: "Which of the following is NOT true about version control systems?"
+ options:
+ - "They allow developers to view the history of changes made to files and revert to any previous state."
+ - "They can automatically detect and resolve any conflicts between different versions of a file."
+ - "They facilitate collaboration by allowing multiple developers to work on different parts of a project without interfering with each other."
+ - "They store different versions of files, enabling developers to work on multiple features simultaneously."
+ correct_index: 1
+ explanation: "Version control systems help detect conflicts, but they do not automatically resolve them. Developers must review and merge conflicting changes manually."
+
+ - prompt: "Which of the following best describes how GitHub helps in the version control process?"
+ options:
+ - "GitHub is used exclusively for backing up files and does not include version control features."
+ - "GitHub only serves as a cloud-based storage system for completed software projects and does not support versioning."
+ - "GitHub is a platform for organizing and managing tasks related to software development but does not play a role in version control."
+ - "GitHub integrates with version control systems to store files and track changes, while also providing a user interface for collaboration and version history."
+ correct_index: 3
+ explanation: "GitHub is a version control platform that integrates with Git to store files, track changes, and provide collaboration features like issue tracking, pull requests, and version history."
+
diff --git a/_data/quizzes/topic2/chapter2.yml b/_data/quizzes/topic2/chapter2.yml
new file mode 100644
index 0000000..6f9122f
--- /dev/null
+++ b/_data/quizzes/topic2/chapter2.yml
@@ -0,0 +1,41 @@
+questions:
+ - prompt: "True or False: In Git, all changes in your working directory are committed to the repository when you rungit commit, even if they haven't been added to the staging area."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "False — Only changes that have been added to the staging area using git add will be included in a commit. Unstaged changes in the working directory are not committed."
+
+ - prompt: "What happens when you run the command git checkout <branch-name>?"
+ options:
+ - "It creates a new branch called <branch-name> but doesn't switch to it."
+ - "It deleted the <branch-name> branch from the respository."
+ - "It uploads your changes to the remote repository."
+ - "It switches your local branch to <branch-name> and updates the working directory with that branch's files."
+ correct_index: 3
+ explanation: "git checkout <branch-name> switches to the specified branch and updates the working directory with that branch's contents."
+
+ - prompt: "In Git, the term _________ refers to a snapshot of your project at a specific point in time, which is stored in the repository after running git commit."
+ options:
+ - "Working Directory"
+ - "Staging Area"
+ - "Commit"
+ - "Branch"
+ correct_index: 2
+ explanation: "A commit in Git represents a snapshot of your project at a specific point in time."
+
+ - prompt: "Which of the following statements is FALSE regarding Git branches?"
+ options:
+ - "A branch in Git does not copy files but simply creates a new pointer to them."
+ - "You can use branches to experiment with new features without affecting the main codebase."
+ - "Once a branch is created, it automatically merges into the main branch after a set period."
+ - "A branch isolates development work, enabling concurrent tasks without conflicts."
+ correct_index: 2
+ explanation: "A branch does NOT automatically merge into the main branch; you have to do it manually using git merge."
+
+ - prompt: "True or False: If you delete a branch using git branch -d <branch-name>, the branch is permanently deleted from your local repository."
+ options:
+ - "True"
+ - "False"
+ correct_index: 0
+ explanation: "True, git branch -d only deletes the LOCAL branch. To delete a branch from the REMOTE, you would use git push origin --delete <branch-name>."
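Review bot: Several strings in this file contain a literal `<branch-name>` (the `git checkout` question with its options and explanation, and the `git branch -d` question). Whether that is safe depends on how `assets/js/quiz.js` puts quiz strings into the page, which this diff does not show. If they are assigned as HTML, the browser parses `<branch-name>` as an unknown tag and the text disappears, and every quiz data file becomes an HTML-injection path for whoever can edit it. Confirm the script inserts these values as text (`textContent`) or escapes them. Separately, the first prompt reads `rungit commit`, and the second option of the checkout question has `deleted` and `respository`.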
diff --git a/_data/quizzes/topic2/chapter3.yml b/_data/quizzes/topic2/chapter3.yml
new file mode 100644
index 0000000..a9f4e3c
--- /dev/null
+++ b/_data/quizzes/topic2/chapter3.yml
@@ -0,0 +1,48 @@
+questions:
+ - prompt: "What is the primary purpose of feature branching in Git?"
+ options:
+ - "To fix urgent bugs directly in production"
+ - "To keep changes isolated for each new feature"
+ - "To maintain separate branches for release candidates"
+ - "To rewrite commit history into a linear progression"
+ correct_index: 1
+ explanation: "Feature branching is used to create separate branches for each new feature, keeping changes isolated from the main codebase."
+
+ - prompt: "True or False: Hotfix branches are typically maintained separately for long periods, similar to release branches."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "False. Hotfix branches are short-lived branches created quickly to fix urgent bugs, unlike release branches that may be maintained longer."
+
+ - prompt: "What is the role of Pull Requests (PRs) in Git workflows?"
+ options:
+ - To directly commit changes to the main branch
+ - To merge branches automatically without review
+ - To notify others of pushed changes and facilitate review
+ - To stash uncommitted changes before switching branches
+ correct_index: 2
+ explanation: "Pull Requests allow developers to tell others about changes pushed to a branch, enabling code review and collaboration."
+
+ - prompt: "In Git, the process of temporarily saving uncommitted changes so you can switch branches without losing your work is called ________."
+ options:
+ - "Stashing"
+ - "Squashing"
+ - "Fast-Forwarding"
+ - "Rebasing"
+ correct_index: 0
+ explanation: "Stashing. Stashing allows you to save your changes to a stack so you can safely switch branches."
+
+ - prompt: |
+ A critical bug was discovered in the production environment. The team needs to fix it immediately without affecting ongoing development work on the main and feature branches.
+ After the fix is complete, it should be merged into both the main and the release branches. What is the most appropriate approach?
+ options:
+ - "Create a feature branch and squash merge it into main"
+ - "Rebase the main branch on top of the fix"
+ - "Cherry-pick the fix into all branches"
+ - "Create a hotfix branch and use a three-way merge into both main and release"
+ correct_index: 3
+ explanation: |
+ A three-way merge is used when two branches have diverged. In this case, both main and release may have different changes. By creating a hotfix branch and merging it into both using
+ a three-way merge, Git compares the common ancestor, the hotfix, and the target branch to create a new commit that safely integrates the fix without overwriting existing work. This
+ ensures stability and preserves history in both branches.
\ No newline at end of file
diff --git a/_data/quizzes/topic2/chapter4.yml b/_data/quizzes/topic2/chapter4.yml
new file mode 100644
index 0000000..e390884
--- /dev/null
+++ b/_data/quizzes/topic2/chapter4.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "Which of the following should NOT typically be included in a README file?"
+ options:
+ - "Project title"
+ - "Full API documentation"
+ - "Installation instructions"
+ - "Contributing guidelines"
+ correct_index: 1
+ explanation: "Full API documentation is better suited for a wiki or dedicated documentation file. A README should stay concise and high-level."
+
+ - prompt: "True or False: Code comments should explain what the code is doing line by line to ensure full clarity."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "Comments should focus on explaining why the code exists or the reasoning behind complex logic — not what the code does line by line."
+
+ - prompt: "A project's __________ is the best place to store tutorials, extended documentation, and design notes."
+ options:
+ - "Installation guidelines"
+ - "Code comments"
+ - "READMEs"
+ - "Wiki"
+ correct_index: 3
+ explanation: "Wikis are ideal for more detailed content like tutorials and design notes that don't fit in a README."
+
+ - prompt: "When documenting your code, what should you aim to explain?"
+ options:
+ - "Why key decisions were made in the implementation"
+ - "How to install the program"
+ - "Each variable used in the program"
+ - "Syntax of the programming language used"
+ correct_index: 0
+ explanation: "Good inline comments focus on why the code exists or how it solves a problem, not basic syntax or details already obvious from the code."
+
+ - prompt: "You're wrapping up your work on a team project and may be leaving soon. You want to ensure others can continue where you left off. What combination of documentation should you focus on?"
+ options:
+ - "A short README and daily status updates via chat"
+ - "A detailed README and clear, explanatory code comments"
+ - "Extensive code comments and commit messages only"
+ - "Use a wiki with technical documentation"
+ correct_index: 1
+ explanation: "A clear README helps new users understand the project, and explanatory code comments clarify decisions within the code. This combo ensures others can continue without needing to ask questions."
\ No newline at end of file
diff --git a/_data/quizzes/topic2/chapter5.yml b/_data/quizzes/topic2/chapter5.yml
new file mode 100644
index 0000000..112b2dd
--- /dev/null
+++ b/_data/quizzes/topic2/chapter5.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "Which Git command lets you temporarily save your work and switch branches?"
+ options:
+ - "git cherry-pick"
+ - "git save"
+ - "git stash"
+ - "git reset"
+ correct_index: 2
+ explanation: "git stash stores your changes temporarily so you can work on something else."
+
+ - prompt: "Which Git hook would you use to run a linter before committing?"
+ options:
+ - "pre-commit"
+ - "post-merge"
+ - "pre-push"
+ - "commit-msg"
+ correct_index: 0
+ explanation: "pre-commit runs before a commit is finalized and is commonly used for linting and checks."
+
+ - prompt: "True or False: Forking a repository is the same as cloning it."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "Forking creates a copy under your own GitHub account, while cloning makes a local copy of a repo."
+
+ - prompt: "What type of Git tag includes metadata like author and message?"
+ options:
+ - Lightweight tag
+ - Remote tag
+ - Annotated tag
+ - Branch tag
+ correct_index: 2
+ explanation: "Annotated tags include metadata and are better suited for release tagging."
+
+ - prompt: "What is the purpose of git bisect?"
+ options:
+ - Rewriting commit history
+ - Running linters before pushing code
+ - Creating tags for stable releases
+ - Finding the commit that introduced a bug
+ correct_index: 3
+ explanation: "git bisect helps you find the commit that introduced a bug using binary search."
diff --git a/_data/quizzes/topic3/chapter1.yml b/_data/quizzes/topic3/chapter1.yml
new file mode 100644
index 0000000..ce74730
--- /dev/null
+++ b/_data/quizzes/topic3/chapter1.yml
@@ -0,0 +1,45 @@
+questions:
+ - prompt: "Which three fields does DevSecOps bring together?"
+ options:
+ - "Design, Security, Testing"
+ - "Development, Security, Operations"
+ - "Data, Security, Development"
+ - "DevOps, QA, Security"
+ correct_index: 1
+ explanation: "DevSecOps combines Development, Security, and Operations into a unified approach."
+
+ - prompt: "What is the main purpose of shift left testing?"
+ options:
+ - "Monitor user behavior in production"
+ - "Fix bugs after release"
+ - "Improve infrastructure automation"
+ - "Implement security testing early in development"
+ correct_index: 3
+ explanation: |
+ Shift left testing is about catching security vulnerabilities early in the development process, allowing developers to identify and fix
+ vulnerabilities during design and coding phases, rather than discovering them late in testing or production (where fixes are costlier and riskier).
+
+ - prompt: "True or False: Static Application Security Testing (SAST) occurs while the application is running."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "SAST happens before the application compiles. DAST happens during runtime."
+
+ - prompt: "Fill in the blank: In the SDLC, a common issue is that security activities are deferred until the ________ phase."
+ options:
+ - "planning"
+ - "deployment"
+ - "testing"
+ - "maintenance"
+ correct_index: 2
+ explanation: "Security is often left until the testing phase, which is too late to catch design-related issues. Addressing security earlier in the SDLC helps reduce the risk of vulnerabilities slipping through."
+
+ - prompt: "Which type of security testing simulates real-world attacks while the app is running?"
+ options:
+ - Static testing
+ - Container scanning
+ - Dynamic testing
+ - Code linting
+ correct_index: 2
+ explanation: "Dynamic testing checks for vulnerabilities by simulating attacks while the application runs."
\ No newline at end of file
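Review bot: The explanation on the SAST question, `SAST happens before the application compiles.`, is narrower than what SAST is and will mislead learners. Static analysis examines source code, bytecode or binaries without executing the program, and many tools run on compiled artifacts. Suggested wording: `explanation: "SAST analyzes code without running the application. DAST tests the application while it is running."`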
diff --git a/_data/quizzes/topic3/chapter2.yml b/_data/quizzes/topic3/chapter2.yml
new file mode 100644
index 0000000..a2c18db
--- /dev/null
+++ b/_data/quizzes/topic3/chapter2.yml
@@ -0,0 +1,44 @@
+questions:
+ - prompt: "True or False: CI/CD stands for Continuous Improvement and Continuous Development."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "CI/CD stands for Continuous Integration and Continuous Delivery. It is a set of DevOps practices that help deliver frequent code changes reliably."
+
+ - prompt: "What is the primary difference between Continuous Integration (CI) and Continuous Delivery (CD)?"
+ options:
+ - "CI focuses on automating deployment; CD focuses on testing code changes."
+ - "CI is used only by operations teams; CD is used only by developers."
+ - "CI ensures code changes are automatically tested; CD ensures those changes are automatically deployed."
+ - "CI happens after CD in the software development lifecycle."
+ correct_index: 2
+ explanation: "Continuous Integration (CI) automates the testing of code changes while Continuous Delivery (CD) automates the deployment of those changes to production environments."
+
+ - prompt: "Which of the following best describes the relationship between DevOps and CI/CD?"
+ options:
+ - "CI/CD is a broader methodology that includes DevOps as a component."
+ - "CI/CD refers to specific automation practices that are part of the broader DevOps methodology."
+ - "DevOps and CI/CD are completely unrelated practices."
+ - "DevOps only applies to development teams, while CI/CD is for operations teams."
+ correct_index: 1
+ explanation: |
+ DevOps is a broad cultural and technical approach focused on collaboration and automation across the software lifecycle.
+ CI/CD refers to specific practices within DevOps that automate integration, testing, and deployment.
+
+ - prompt: "Which of the following is NOT a method commonly associated with CI?"
+ options:
+ - "Automating the build and test process"
+ - "Supporting 'fail fast' principles with quick feedback"
+ - "Automating deployment to production"
+ - "Identifying integration issues early"
+ correct_index: 2
+ explanation: "Automating deployment is a key part of Continuous Delivery (CD), not CI."
+
+ - prompt: "Fill in the blank: The method that enables organizations to release software updates quickly and reliably while minimizing risks is ________."
+ options:
+ - DevOps
+ - Continuous Integration (CI)
+ - Continuous Delivery (CD)
+ correct_index: 2
+ explanation: "Continuous Delivery (CD) automates the deployment process, allowing fast and reliable releases with minimized risks."
\ No newline at end of file
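Review bot: The second question treats Continuous Delivery as automatic deployment: its correct option says changes are `automatically deployed`, and the explanation says CD `automates the deployment of those changes to production environments`. That describes continuous deployment. Continuous delivery keeps every change in a releasable state, with the production release usually behind an explicit approval. Since the first question expands CD as Continuous Delivery, reword these to something like `CD ensures those changes are always ready to release`, or name continuous deployment explicitly. The last question also lists three options where every other question in the file has two or four.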
diff --git a/_data/quizzes/topic3/chapter3.yml b/_data/quizzes/topic3/chapter3.yml
new file mode 100644
index 0000000..cfc21b6
--- /dev/null
+++ b/_data/quizzes/topic3/chapter3.yml
@@ -0,0 +1,49 @@
+questions:
+ - prompt: "True or False: Automated testing reduces the chances of human error by automating repetitive tasks."
+ options:
+ - "True"
+ - "False"
+ correct_index: 0
+ explanation: "Automated testing increases accuracy by minimizing human error in repetitive testing."
+
+
+ - prompt: "Which type of automated test checks individual functions or components?"
+ options:
+ - "Unit tests"
+ - "Integration tests"
+ - "End-to-End tests"
+ - "Manual tests"
+ correct_index: 0
+ explanation: "Unit tests focus on testing single components or functions in isolation."
+
+ - prompt: "What is a common challenge of automated testing?"
+ options:
+ - "It eliminates the need for developers."
+ - "It requires significant initial setup and ongoing maintenance."
+ - "It makes manual testing obsolete overnight."
+ - "It requires no maintenance once setup."
+ correct_index: 1
+ explanation: "Automated testing requires resources to set up and maintain tests as the system evolves."
+
+ - prompt: "Which of the following is NOT a step in building a robust automated testing framework?"
+ options:
+ - Define clear objectives
+ - Hire more manual testers
+ - Choose the right tools
+ - Integrate into CI/CD
+ correct_index: 1
+ explanation: "Building an automated framework focuses on objectives, tools, integration, and monitoring, not on hiring
+ more manual testers."
+
+
+ - prompt: "Fill in the blank: One key benefit of automated testing is faster ______, providing immediate insights on code changes."
+ options:
+ - feedback
+ - deployment
+ - documentation
+ - debugging
+ correct_index: 0
+ explanation: "Automated tests provide quick feedback, accelerating development cycles."
+
+
+
diff --git a/_data/quizzes/topic3/chapter4.yml b/_data/quizzes/topic3/chapter4.yml
new file mode 100644
index 0000000..ce360b2
--- /dev/null
+++ b/_data/quizzes/topic3/chapter4.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "Fill in the blank: The ______ environment is the live environment used by end users."
+ options:
+ - "Production"
+ - "Staging"
+ - "Development"
+ - "Testing"
+ correct_index: 0
+ explanation: "Production is the live environment with real user data and traffic."
+
+ - prompt: "What deployment strategy involves switching traffic between two identical environments to achieve zero downtime?"
+ options:
+ - "Canary Deployment"
+ - "Blue-Green Deployment"
+ - "Rolling Deployment"
+ - "Feature Toggles"
+ correct_index: 1
+ explanation: "Blue-Green deployment alternates between two identical environments for easy rollback and minimal downtime."
+
+ - prompt: "True or False: Canary Deployment releases new changes gradually to a small subset of users to gather real user feedback."
+ options:
+ - "True"
+ - "False"
+ correct_index: 0
+ explanation: "Canary Deployment minimizes risk by rolling out changes to a limited audience first."
+
+ - prompt: "Which deployment strategy updates application instances in phases without taking down the entire application?"
+ options:
+ - "Immutable Deployment"
+ - "Blue-Green Deployment"
+ - "A/B Testing Deployment"
+ - "Rolling Deployment"
+ correct_index: 3
+ explanation: "Rolling deployment updates in phases, maintaining high availability."
+
+ - prompt: "Fill in the blank: A/B Testing Deployment compares two versions based on ______ to optimize user experience."
+ options:
+ - "code quality"
+ - "deployment speed"
+ - "specific metrics"
+ - "database schema"
+ correct_index: 2
+ explanation: "A/B Testing uses traffic segmentation and metrics to validate hypotheses about user behavior."
\ No newline at end of file
diff --git a/_data/quizzes/topic3/chapter5.yml b/_data/quizzes/topic3/chapter5.yml
new file mode 100644
index 0000000..ee2cae2
--- /dev/null
+++ b/_data/quizzes/topic3/chapter5.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "What is the main purpose of a webhook in a CI/CD workflow?"
+ options:
+ - "To host your application on a server"
+ - "To notify an external service that an event has occurred in your repository"
+ - "To merge code automatically into the main branch"
+ - "To track version history of your project"
+ correct_index: 1
+ explanation: "A webhook sends a notification to an external service (like a CI/CD tool) when a specified event happens in your repo."
+
+ - prompt: "Which content type is commonly used to send data in a webhook request?"
+ options:
+ - "XML"
+ - "YAML"
+ - "JSON"
+ - "HTML"
+ correct_index: 2
+ explanation: "JSON is the most commonly used format for webhook payloads due to its wide support and readability."
+
+ - prompt: "Which of the following is a common event that can trigger a webhook in GitHub?"
+ options:
+ - "Creating a README file"
+ - "Cloning a repository"
+ - "Creating a release"
+ - "Viewing a pull request"
+ correct_index: 2
+ explanation: "Webhooks can be triggered by events like releases, pushes, and pull request changes."
+
+ - prompt: "True or False: Once a webhook is set up, CI/CD tools automatically trigger based on the rules you define, such as pushes or pull requests."
+ options:
+ - "True"
+ - "False"
+ correct_index: 0
+ explanation: "True. Webhooks notify CI/CD tools automatically based on configured triggers, reducing manual intervention."
+
+ - prompt: "After you push code to GitHub, what is the next step in the webhook workflow?"
+ options:
+ - "You manually trigger the test suite"
+ - "GitHub runs the tests itself"
+ - "The pull request is automatically merged"
+ - "GitHub sends a webhook to the CI/CD tool"
+ correct_index: 3
+ explanation: "GitHub sends a webhook to notify the CI/CD system, which then takes the appropriate action."
\ No newline at end of file
diff --git a/_data/quizzes/topic3/chapter6.yml b/_data/quizzes/topic3/chapter6.yml
new file mode 100644
index 0000000..a5f4876
--- /dev/null
+++ b/_data/quizzes/topic3/chapter6.yml
@@ -0,0 +1,45 @@
+questions:
+ - prompt: "What is a container in cloud computing?"
+ options:
+ - A virtual machine with its own operating system
+ - A standardized unit of software packaging code and dependencies to run reliably across environments
+ - A cloud storage bucket for applications
+ - A physical server hosting multiple applications
+ correct_index: 1
+ explanation: "Containers package code and all dependencies without the overhead of a full OS, unlike virtual machines."
+
+ - prompt: "Which of the following is NOT a benefit of containerization?"
+ options:
+ - Portability across environments
+ - Isolation of applications
+ - Requires full OS boot per container
+ - Scalability within a shared OS
+ correct_index: 2
+ explanation: "Containers do not require booting a full OS for each instance, which makes them lightweight."
+
+ - prompt: "An artifact in containerization typically refers to a ______."
+ options:
+ - Container image
+ - Virtual machine
+ - Source code repository
+ - Running container
+ correct_index: 0
+ explanation: "An artifact is the container image, a read-only snapshot used to create containers."
+
+ - prompt: "Which use case is NOT typically associated with containerization?"
+ options:
+ - Cloud migration of legacy apps
+ - Manual updating of IoT devices without containers
+ - Microservices architecture deployment
+ - Dynamic scaling of applications
+ correct_index: 1
+ explanation: "Manual updates without containers are complex; containerization simplifies deployment and updates."
+
+ - prompt: "Which of the following best describes fault tolerance in containerization?"
+ options:
+ - Fault tolerance is not possible in containers
+ - One faulty container does not affect others running on the same host
+ - Containers share faults between them
+ - All containers stop when one container fails
+ correct_index: 1
+ explanation: "Containers are isolated, so faults in one do not impact others, improving application resilience."
\ No newline at end of file
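Review bot: The fault-tolerance question at the end of this file states container isolation as absolute, in both the keyed option and the explanation `Containers are isolated, so faults in one do not impact others`. Containers on one host share the kernel and, unless limits are configured, CPU and memory, so a kernel-level fault or one container exhausting resources can still affect its neighbours. I would hedge the explanation, for example `explanation: "A crash in one container usually does not take down others on the host, but containers share the host kernel and resources, so limits and hardening still matter."`. Separately, the options in this file are unquoted while the sibling quiz files quote every option; quoting them here would keep the data files uniform.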
diff --git a/_data/quizzes/topic4/chapter1.yml b/_data/quizzes/topic4/chapter1.yml
new file mode 100644
index 0000000..cae382c
--- /dev/null
+++ b/_data/quizzes/topic4/chapter1.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "What does the CIA Triad represent in cybersecurity?"
+ options:
+ - "Compliance, Identity, Access"
+ - "Confidentiality, Integrity, Availability"
+ - "Cybersecurity, Infrastructure, Authentication"
+ - "Confidentiality, Information, Authentication"
+ correct_index: 1
+ explanation: "The CIA Triad stands for Confidentiality, Integrity, and Availability, all key principles in cybersecurity."
+
+ - prompt: "What is a vulnerability in the context of cybersecurity?"
+ options:
+ - "A malicious code used in an attack"
+ - "A person attempting to hack a system"
+ - "A flaw or weakness in a system that can be exploited"
+ - "The risk of unauthorized access to data"
+ correct_index: 2
+ explanation: "A vulnerability is a flaw or weakness in software, hardware, or systems that can be exploited."
+
+ - prompt: "True or False: A 'risk' is determined by the probability and severity of a cybersecurity incident."
+ options:
+ - "True"
+ - "False"
+ correct_index: 0
+ explanation: "Risk = Probability of Occurrence x Severity. It's a measure of potential impact."
+
+ - prompt: "Which of the following is an example of an exploit being used?"
+ options:
+ - "A patch being applied to software"
+ - "A hacker finds a password in a config file and uses it to access a server"
+ - "A backup system running hourly"
+ - "Antivirus software updating signatures"
+ correct_index: 1
+ explanation: "Using a found password to gain unauthorized access is an example of exploiting a vulnerability."
+
+ - prompt: "Fill in the blank: The ________ is the malicious code or action used in a cyberattack."
+ options:
+ - "Payload"
+ - "Threat actor"
+ - "Vulnerability"
+ - "Exploit"
+ correct_index: 0
+ explanation: "The payload is the part of the attack that causes harm, like malicious code."
\ No newline at end of file
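Review bot: The last prompt, `The ________ is the malicious code or action used in a cyberattack`, fits the distractor `Exploit` as well as the keyed answer `Payload`, so the question has two defensible answers. The explanation already draws the distinction ("the part of the attack that causes harm"), so the prompt should too, for example `prompt: "Fill in the blank: The ________ is the part of an attack that carries out the harmful action after a vulnerability has been exploited."`.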
diff --git a/_data/quizzes/topic4/chapter2.yml b/_data/quizzes/topic4/chapter2.yml
new file mode 100644
index 0000000..7fc474a
--- /dev/null
+++ b/_data/quizzes/topic4/chapter2.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "What is the main risk when users can access data or systems they shouldn’t be allowed to?"
+ options:
+ - "Improper Access Control"
+ - "Misconfiguration"
+ - "Cross-Site Scripting (XSS)"
+ - "Cryptographic Risks"
+ correct_index: 0
+ explanation: "Improper Access Control occurs when users can access unauthorized systems or data."
+
+ - prompt: "Which mitigation strategy is most effective against injection attacks?"
+ options:
+ - "Role Based Access Controls"
+ - "Require MFA"
+ - "Encrypt database backups"
+ - "Sanitize user input"
+ correct_index: 3
+ explanation: "Sanitizing user input helps prevent injection attacks by ensuring that only valid data is processed."
+
+ - prompt: "What kind of attack involves injecting malicious SQL queries into a system?"
+ options:
+ - "Cross-Site Scripting (XSS)"
+ - "SQL Injection"
+ - "Improper Authentication"
+ - "Logging Failure"
+ correct_index: 1
+ explanation: "SQL Injection involves inserting malicious SQL queries to manipulate or access a database."
+
+ - prompt: "True or False: Output encoding helps prevent SQL injections by restricting unauthorized queries."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "False. Output encoding helps prevent XSS attacks. SQL Injection should be mitigated using parameterized queries."
+
+ - prompt: "Fill in the blank: __________ is a technique to limit what actions users can perform based on their role in an organization."
+ options:
+ - "Access logs"
+ - "Parameterized queries"
+ - "Role Based Access Control"
+ - "Prepared statements"
+ correct_index: 2
+ explanation: "Role Based Access Control ensures that users only access information and systems needed for their role."
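Review bot: The second question keys `Sanitize user input` as the most effective mitigation for injection attacks, which contradicts the fourth question's explanation in this same file ("SQL Injection should be mitigated using parameterized queries"). Input sanitization is a useful secondary control, but it is easy to get wrong and should not be taught as the primary defence. I would replace the keyed option with `- "Use parameterized queries"` and the explanation with `explanation: "Parameterized queries keep user input separate from the query text, so it is never interpreted as code; input validation is a second layer."`.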
diff --git a/_data/quizzes/topic4/chapter3.yml b/_data/quizzes/topic4/chapter3.yml
new file mode 100644
index 0000000..f587a77
--- /dev/null
+++ b/_data/quizzes/topic4/chapter3.yml
@@ -0,0 +1,44 @@
+questions:
+ - prompt: "What is the main purpose of integrating security checks in each stage of the CI/CD pipeline?"
+ options:
+ - "To slow down development"
+ - "To ensure only DevOps engineers manage security"
+ - "To automate deployments without review"
+ - "To embed security early and ensure vulnerabilities are caught throughout development"
+ correct_index: 3
+ explanation: "The key goal is to proactively embed security checks early in the development process and throughout the lifecycle."
+
+ - prompt: "Fill in the blank: The _________ phase includes threat modeling to identify potential vulnerabilities before coding begins."
+ options:
+ - "Testing"
+ - "Planning"
+ - "Release"
+ - "Build"
+ correct_index: 1
+ explanation: "The Planning phase includes threat modeling to predict and mitigate future security risks."
+
+ - prompt: "Which of the following best describes DAST?"
+ options:
+ - "Analyzes code before it is compiled"
+ - "Checks application behavior while running"
+ - "Ensures business logic is documented"
+ - "Analyzes test scripts in the CI environment"
+ correct_index: 1
+ explanation: "DAST tests the running application to identify vulnerabilities during runtime."
+
+ - prompt: "True or False: The CI/CD pipeline should only have security checks during the testing stage."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "Security checks should be embedded into every stage of the pipeline, not just testing."
+
+ - prompt: "Which of the following is NOT a benefit of combining SAST and DAST?"
+ options:
+ - "Improves detection coverage of security vulnerabilities"
+ - "Provides both code-level and runtime insights"
+ - "Replaces the need for security experts"
+ - "Strengthens application security across the SDLC"
+ correct_index: 2
+ explanation: "While SAST and DAST improve coverage, they do not eliminate the need for security professionals."
+
\ No newline at end of file
diff --git a/_data/quizzes/topic5/chapter1.yml b/_data/quizzes/topic5/chapter1.yml
new file mode 100644
index 0000000..9a5c43d
--- /dev/null
+++ b/_data/quizzes/topic5/chapter1.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "True or False: Cloud computing requires teams to purchase and manage their own physical servers."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "Cloud computing provides on-demand access to resources, removing the need for physical hardware management."
+
+ - prompt: "Which of the following best describes the NIST definition of cloud computing?"
+ options:
+ - "A model for facilitating periodic, physical access to enterprise-owned computing hardware."
+ - "A framework for enabling offline, manual deployment of preconfigured hardware and network resources."
+ - "A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources."
+ - "A method for securing user authentication through identity verification across distributed networks."
+ correct_index: 2
+ explanation: "According to NIST, cloud computing is about network access to shared, configurable computing resources."
+
+ - prompt: "Which cloud service model provides full applications over the internet, abstracting away infrastructure and platforms?"
+ options:
+ - "IaaS"
+ - "Hybrid"
+ - "PaaS"
+ - "SaaS"
+ correct_index: 3
+ explanation: "SaaS delivers complete applications, requiring no concern for the underlying systems."
+
+ - prompt: "Which of the following is a key feature of Platform as a Service (PaaS)?"
+ options:
+ - "You manage the hardware and operating system yourself."
+ - "You build apps while the provider handles the OS and infrastructure."
+ - "You install your own operating system and runtime."
+ - "You use software via the internet without hosting it."
+ correct_index: 1
+ explanation: "For PaaS, the provider handles the OS, runtime, and infrastructure while you build apps."
+
+ - prompt: "Fill in the blank: _________ is a method for controlling who can access what, and what actions they can take."
+ options:
+ - "IAM (Identity & Access Management)"
+ - "Encryption"
+ - "Logging & Monitoring"
+ - "Scalability"
+ correct_index: 0
+ explanation: "IAM (Identity & Access Management) is responsible for managing access permissions and user roles in the cloud."
\ No newline at end of file
diff --git a/_data/quizzes/topic5/chapter2.yml b/_data/quizzes/topic5/chapter2.yml
new file mode 100644
index 0000000..89de789
--- /dev/null
+++ b/_data/quizzes/topic5/chapter2.yml
@@ -0,0 +1,41 @@
+questions:
+ - prompt: "True or False: Cloud-native DevSecOps emphasizes integrating security after the application has been deployed."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: False. Cloud-native DevSecOps integrates security throughout the development process, not afterward.
+
+ - prompt: "Which of the following is not a benefit of cloud-native DevSecOps?"
+ options:
+ - "Faster feedback loops"
+ - "Manual server patching"
+ - "Automated security checks"
+ - "Easier compliance management"
+ correct_index: 1
+ explanation: "Cloud-native DevSecOps discourages manual server patching in favor of immutable infrastructure."
+
+ - prompt: "Fill in the blank: ________ allows infrastructure to be defined and managed using code."
+ options:
+ - "Immutable Infrastructure"
+ - "Continuous Deployment (CD)"
+ - "Infrastructure as Code (IaC)"
+ - "Serverless Architecture"
+ correct_index: 2
+ explanation: "IaC refers to defining infrastructure setup and management using code."
+
+ - prompt: "True or False: Microservices and serverless architectures reduce the number of endpoints, making applications easier to secure."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "These architectures increase the number of endpoints, making API security more important."
+
+ - prompt: "What does the Shared Responsibility Model emphasize in cloud security?"
+ options:
+ - "Users are responsible for everything"
+ - "Cloud providers handle all security"
+ - "Only compliance officers manage security"
+ - "Responsibilities are split between cloud users and providers"
+ correct_index: 3
+ explanation: Security is a shared responsibility between the cloud provider and the customer.
\ No newline at end of file
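Review bot: The first and last `explanation:` values in this file are plain unquoted scalars, while every other string here and in the sibling quiz files is double-quoted. The first one begins with `False.`, which still loads as a string only because more text follows it; a later edit that trims it to a bare `False` would silently become a boolean. Quote both, e.g. `explanation: "False. Cloud-native DevSecOps integrates security throughout the development process, not afterward."`.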
diff --git a/_data/quizzes/topic5/chapter3.yml b/_data/quizzes/topic5/chapter3.yml
new file mode 100644
index 0000000..67f49c7
--- /dev/null
+++ b/_data/quizzes/topic5/chapter3.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "Why are tools essential for DevSecOps in the cloud?"
+ options:
+ - "They eliminate the need for developers"
+ - "They simplify only post-deployment monitoring"
+ - "They enable scalable, automated security across the SDLC"
+ - "They are required only for compliance audits"
+ correct_index: 2
+ explanation: "Tools automate testing, policy enforcement, and monitoring, making DevSecOps scalable and effective."
+
+ - prompt: "Which tool would you use for managing secrets in a multi-cloud environment?"
+ options:
+ - "Trivy"
+ - "OWASP ZAP"
+ - "GitHub Actions"
+ - "HashiCorp Vault"
+ correct_index: 3
+ explanation: "HashiCorp Vault is designed for secure secrets management across multi-cloud setups."
+
+ - prompt: "True or False: Hardcoding secrets in your source code is a recommended best practice."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "Hardcoding secrets is a major security risk. Secrets should be injected securely at runtime."
+
+ - prompt: "What is the purpose of tools like OPA or Gatekeeper?"
+ options:
+ - "Secrets management"
+ - "Code compilation"
+ - "Policy enforcement in Kubernetes"
+ - "Logging configuration"
+ correct_index: 2
+ explanation: "OPA and Gatekeeper are used to define and enforce security policies in Kubernetes environments."
+
+ - prompt: "Which of the following tools provides runtime threat detection for containers?"
+ options:
+ - "Falco"
+ - "SonarQube"
+ - "Kube-bench"
+ - "Dependabot"
+ correct_index: 0
+ explanation: "Falco provides runtime threat detection specifically for containers."
\ No newline at end of file
diff --git a/_data/quizzes/topic6/chapter1.yml b/_data/quizzes/topic6/chapter1.yml
new file mode 100644
index 0000000..75ed5a7
--- /dev/null
+++ b/_data/quizzes/topic6/chapter1.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "What is one major DevSecOps benefit for financial institutions?"
+ options:
+ - "Slower software releases for compliance checks"
+ - "Manual auditing of infrastructure"
+ - "Avoiding use of cloud environments"
+ - "Automated compliance reporting and early misconfiguration detection"
+ correct_index: 3
+ explanation: "DevSecOps enables automated compliance reporting and early detection of misconfigured services in finance."
+
+ - prompt: "How does DevSecOps benefit Tech & SaaS companies like GitHub and Netflix?"
+ options:
+ - "It reduces their need to monitor deployments"
+ - "It automates inline security scans during pull requests"
+ - "It allows skipping code reviews"
+ - "It replaces CI/CD pipelines with manual deployment"
+ correct_index: 1
+ explanation: "DevSecOps allows automated security scanning on pull requests, supporting fast and secure deployments."
+
+ - prompt: "True or False: DevSecOps helps healthtech apps encrypt data and monitor access patterns."
+ options:
+ - "True"
+ - "False"
+ correct_index: 0
+ explanation: "True. DevSecOps practices in healthcare include automatic encryption and anomaly detection to secure patient data."
+
+ - prompt: "What challenge does DevSecOps address in the retail industry?"
+ options:
+ - "Overstaffing during peak seasons"
+ - "Manual software patching"
+ - "Preventing data breaches during high-traffic events"
+ - "Avoiding cloud usage"
+ correct_index: 2
+ explanation: "Retailers use DevSecOps to proactively scan for risks and prevent breaches, especially during peak traffic."
+
+ - prompt: "What is a major DevSecOps benefit in pharmaceutical and R&D industries?"
+ options:
+ - "Securing data pipelines and enforcing role-based secrets management"
+ - "Rapid drug manufacturing"
+ - "Bypassing compliance to speed up innovation"
+ - "Avoiding use of encrypted storage"
+ correct_index: 0
+ explanation: "DevSecOps helps secure sensitive IP and research data through secrets management and encryption."
\ No newline at end of file
diff --git a/_data/quizzes/topic6/chapter2.yml b/_data/quizzes/topic6/chapter2.yml
new file mode 100644
index 0000000..3dc9a3e
--- /dev/null
+++ b/_data/quizzes/topic6/chapter2.yml
@@ -0,0 +1,43 @@
+questions:
+ - prompt: "What is the primary responsibility of a DevSecOps Engineer?"
+ options:
+ - "Manage customer support and incident tickets"
+ - "Handle only traditional IT operations"
+ - "Embed security into CI/CD workflows and help write secure code"
+ - "Develop mobile applications for enterprise use"
+ correct_index: 2
+ explanation: "DevSecOps Engineers focus on embedding security throughout the SDLC, especially in CI/CD pipelines."
+
+ - prompt: "Which skill is most relevant for a Security Automation Engineer?"
+ options:
+ - "Designing user interfaces"
+ - "Writing marketing content"
+ - "Automating access control and integrating with SIEM systems"
+ - "Building sales dashboards"
+ correct_index: 2
+ explanation: "Security Automation Engineers automate tasks like access control and integrate security tools with SIEMs."
+
+ - prompt: "True or False: Application Security Engineers are primarily focused on securing infrastructure, not code."
+ options:
+ - "True"
+ - "False"
+ correct_index: 1
+ explanation: "AppSec Engineers focus on the security of application code, performing code reviews and vulnerability scans."
+
+ - prompt: "Which of the following is NOT typically a responsibility of an Application Security Engineer?"
+ options:
+ - "Conducting threat modeling"
+ - "Performing SAST and DAST"
+ - "Educating developers on secure coding"
+ - "Managing cloud IAM policies"
+ correct_index: 3
+ explanation: "Managing IAM policies is a responsibility of Cloud Security Engineers, not AppSec Engineers."
+
+ - prompt: "What tool might a Cloud Security Engineer use to monitor for misconfigurations?"
+ options:
+ - "GitHub Copilot"
+ - "AWS GuardDuty"
+ - "Google Docs"
+ - "Wireshark"
+ correct_index: 1
+ explanation: "AWS GuardDuty is used to detect threats and misconfigurations in AWS cloud environments."
\ No newline at end of file
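Review bot: The final question asks which tool monitors for misconfigurations but keys `AWS GuardDuty`, and the explanation says it detects "threats and misconfigurations". GuardDuty is a threat-detection service; configuration checks in AWS are normally done with AWS Config or Security Hub. Either reword the prompt to match the answer, `prompt: "What tool might a Cloud Security Engineer use to detect threats in an AWS account?"`, and drop "and misconfigurations" from the explanation, or keep the prompt and change the keyed option to a configuration-assessment service.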
diff --git a/_includes/head_custom.html b/_includes/head_custom.html
index 3a75c49..543ff78 100644
--- a/_includes/head_custom.html
+++ b/_includes/head_custom.html
@@ -1,5 +1,6 @@
+
\ No newline at end of file
diff --git a/_includes/nav_buttons.html b/_includes/nav_buttons.html
new file mode 100644
index 0000000..dfa8932
--- /dev/null
+++ b/_includes/nav_buttons.html
@@ -0,0 +1,20 @@
+{% assign nav = site.data.navigation %}
+{% assign current = nil %}
+{% assign index = 0 %}
+
+{% for item in nav %}
+ {% if page.url == item.url %}
+ {% assign current = item %}
+ {% assign index = forloop.index0 %}
+ {% endif %}
+{% endfor %}
+
+Answer the questions below to test your knowledge!
+
+
+
+
+
+
+
+
diff --git a/_layouts/custom.html b/_layouts/custom.html
index 63d4e2d..c338f65 100644
--- a/_layouts/custom.html
+++ b/_layouts/custom.html
@@ -33,5 +33,18 @@
 {% if site.mermaid %}
 {% include components/mermaid.html %}
 {% endif %}
+
+
+
+
+
+
+
+