►
From YouTube: Application code changes, build, & vulnerability scans with Red Hat OpenShift Service on AWS (ROSA)
Description
Red Hat DevOps platform demo. An issue is identified in the Red Hat Cool Stuff Store. Developers kick off changes in the outler loop of development and kick off the automated process for updates. Try it yourself on Red Hat OpenShift for AWS:
https://www.redhat.com/en//technologies/cloud-computing/openshift/aws/get-started
A
In
order
to
do
that,
we're
going
to
add
a
new
quantity
of
fedoras
from
the
cool
store
inventory
service,
and
so
to
do
that,
let's
start
with
the
inner
loop
for
this
demo,
we
created
an
example
organization,
the
Red
Dot
cool
store,
and
we
store
our
repository
on
githubs.
As
you
can
see,
those
are.
The
repository
represent
the
microservices
for
this
application.
A
We
want
to
enable
and
onboard
developers
on
this
project
and
overshift
has
an
excellent
support
for
mapping
user
and
groups
from
multiple
identity
providers
such
as
GitHub
as
a
developer
once
I
log
in
into
the
opposite
platform,
I'm
onboarded
into
the
officeship
web
console
experience
in
this
experience,
I
can
self-serve
to
discover
and
scaffold
templates
or
application
from
the
developer
catalog.
Those
could
be
pre-built
or
also
fulfilled
afterwards
with
customization.
A
In
addition
to
that
overshift
web
console
experience
offers
also
developer
onboarding
on
project
and
answered
with
a
quick
start,
so
the
quick
start
are
guided
path
to
project
setup
and
enablement
and
those
are
pre-built
or
can
be
also
customized.
In
fact,
for
this
demo
we
created
a
specific
one
to
onboard
developers
on
the
cool
Store
app
development.
A
For
each
service
we
can
go
looking
our
resource
consumption
in
terms
of
CPU
memory,
RAM,
storage,
bandwidth.
We
can
go
granularly
into
a
Time
range
selection,
but
also
we
can
set
up
a
custom,
metrics
or
alert,
and
we
can
have
a
list
of
of
all.
Events
are
happening
for
this
service
in.
In
addition
to
that,
for
each
service
we
can
review
the
logs
of
the
application,
and
this
log
can
be
in
single
instance,
or
can
be
provided
in
some
aggregated
form.
A
Overshift
provide
also
support
for
editing
code
when
well
as
watching.
Also
our
quick
start.
We
can
also
start
editing
our
service
directly
from
the
from
the
topology
View,
so
obviously
support
the
support
for
editing
and
coding
with
an
in-browser
ID
systems
called
Dev
spaces.
Dev
spaces
is
a
system
that
creates
a
development
environment
inside
the
platform
called
workspace.
A
The
workspace
can
be
created
there,
starting
from
a
list
of
workspace
already
available
from
the
platform,
or
they
can
be
customized
as
convenience.
In
this
case,
we
we
have,
for
instance,
a
workspace
definition
through
a
file
called
the
dev
file.
So
what
we
have
to
do
is
just
click
from
this
user
experience
on
on
this
action
from
Ed
in
order
to
edit
the
source
code,
or
we
can
have
the
same
experience
for
by
calling
the
this
API
from
another
source
point.
A
But
once
we
invoke
this
action,
Dev
spaces
will
start
creating
our
workspace
on
how
we
need
it,
and
the
workspace
will
start
with
an
overview
on
a
get
started
view
of
action
we
can
do
in
this
case.
This
is
Visual
Studio
code
with
all
our
setting
that
we
need.
In
this
case
this
is
a
a
Java
service
and
we
are
able
to
program
the
workspace
through
the
dev
file
definition.
A
The
file
is
an
open
standard,
interoperable
that
can
be
used
to
start
the
workspaces
into
multiple
and
environment,
and
the
good
thing
is
that
you
can
pray
fulfill
action
like
building
a
testing
or
running
the
continuous
testing
mode.
In
order
to
do
our
change,
we
can
start
editing
our
Java
code,
there's
great
support
for
runtime
languages
into
the
dev
space,
and
for
this
specific
specific
use
case,
we
can
start
editing
our
code
say
we
don't
want
zero
quantity.
We
want
100
quantity
into
the
inventory.
A
A
For
this
specific
case,
we
installed
this
extension,
the
dependency
analytics
extension
created
by
Red
Dot,
in
collaboration
with
sneak,
which
is
able
to
perform
vulnerability
scan
to
the
software
dependencies
in
the
app.
So
before
we
start
everything
we
can
perform
such
vulnerability
scan
and
from
our
dependency
file,
and
it
depends
of
the
programming
language
in
this
case.
A
In
our
pump
file,
we
run
the
dependency
analytics
and
it
generates
a
report
that
we
can
consult
locally,
and
this
wrapper
can
give
us
a
list
of
non-vulnerability
with
all
the
details
available
in
this
case
through
our
partners
Nick.
But,
as
you
can
see
here,
we
don't
have
any
direct
vulnerability,
so
in
this
case
it
looks
like
we're
ready
to
go
we're
ready
to
push
our
change
and
increase
the
quantity
of
fedoras
in
the
store.
A
So
we
just
reviewed
that
our
tests
are
up
to
date
and
the
continuous
testing
mode
validated
that
so
our
tests
are
good
to
go
and
they're
fine
and
and
also
we
can.
We
can
review
our
source
code
update
and
if
everything
is
fine,
we
can
just
commit
everything
and
push
everything.
So
we
just
provide
a
comment
for
that.
Like
update
that
inventory
quantity
for
fedoras
to
100
that
looks
good
to
go,
we
can
push
our
changes
into
it.