minitwit's Introduction

MiniTwit

Project - DevOps

This repository is our uni project for the subject DevOps.

Website

Our project is currently running on: http://46.101.250.219:5000/

Running the project

The project is run through the use of Docker / Docker Compose:

$ docker-compose up server --build

To run the project on an Apple Silicon MacBook:

$ DOCKER_DEFAULT_PLATFORM=linux/arm64 docker-compose up server --build

minitwit's People

Contributors

flopper123, florian335, martinkirkegaarddk, snyk-bot, voikios, woodstr

Forkers

woodstr

minitwit's Issues

Report Writing

What to include in report from course page.

System's Perspective

A description and illustration of the:

  • Design and architecture of your ITU-MiniTwit systems
  • All dependencies of your ITU-MiniTwit systems on all levels of abstraction and development stages.
  • That is, list and briefly describe all technologies and tools you applied and depend on.
  • Important interactions of subsystems
  • Describe the current state of your systems, for example using results of static analysis and quality assessments.
  • Finally, describe briefly, if the license that you have chosen for your project is actually compatible with the licenses of all your direct dependencies.

Double check that for all the weekly tasks (those listed in the schedule) you include the corresponding information.

MSc students remember to argue for the choice of technologies and decisions for at least all cases for which we asked you to do so in the tasks at the end of each session.

Process' perspective

A description and illustration of:

  • How do you interact as developers?
  • How is the team organized?
  • A complete description of stages and tools included in the CI/CD chains.
  • That is, including deployment and release of your systems.
  • Organization of your repositor(ies).
  • That is, either the structure of the mono-repository or organization of artifacts across repositories.
  • In essence, it has to be clear what is stored where and why.
  • Applied branching strategy.
  • Applied development process and tools supporting it
  • For example, how did you use issues, Kanban boards, etc. to organize open tasks
  • How do you monitor your systems and what precisely do you monitor?
  • What do you log in your systems and how do you aggregate logs?
  • Brief results of the security assessment.
  • Applied strategy for scaling and load balancing.
  • In case you have used AI-assistants for writing code during your project or to write the report:
  • Explain which system(s) you used during the project.
  • Reflect how it supported/hindered your process.

In essence it has to be clear how code or other artifacts come from idea into the running system and everything that happens on the way.

Lessons Learned Perspective

Describe the biggest issues, how you solved them, and which are major lessons learned with regards to:

  • evolution and refactoring
  • operation, and
  • maintenance

of your ITU-MiniTwit systems. Link back to respective commit messages, issues, tickets, etc. to illustrate these.

Also reflect and describe what was the "DevOps" style of your work. For example, what did you do differently to previous development projects and how did it work?

Describe workflow

Link: https://github.com/itu-devops/lecture_notes/blob/master/sessions/session_02/README_TASKS.md#3-describe-distributed-workflow

Think about, discuss in your groups, and note down in which way you are going to collaborate using Git in this project.

You should reflect and decide on the following points:

  • Which repository setup will we use?
  • Which branching model will we use?
  • Which distributed development workflow will we use?
  • What do we expect contributions to look like?
  • Who is responsible for integrating/reviewing contributions?

Information to at least all of the above points should end up in a markdown document in your main repository (likely called CONTRIBUTE.md).

We recommend that you do not rewrite history by rebasing or squashing your commits. The main reason is that it remains visible in the history who did what and when.

Enhance CI Pipelines with at least three static analysis tools

Need to include software quality gates. These must either abort the pull-request if a condition is not met (e.g. code quality not up to standard, or security vulnerability present), or they should automatically change ("fix") something such as the format of the code.

To Add:

  • Snyk (implemented but only on 1 image): for finding and fixing docker vulnerabilities, need to set it up so that if a certain condition is not met (such as code having a high security risk) then the pull-request aborts
  • SonarCloud (on pull-request a report is made, but I don't think it's technically part of the CI pipeline?): for ensuring code quality, need to set it up so that if a certain condition is not met (such as the code having a bug, or too many code smells) then the pull-request aborts
  • MegaLinter (implemented): for automatically formatting code, and reporting errors

Check Group j

Add respective issue to group j, if one of the following is not working:

  • Do you see a public timeline?
  • Does the public timeline show messages that the application received from the simulator?
  • Can you create a new user?
  • Can you login as a new user?
  • Can you write a message?
  • After publishing a message, does it appear on your private timeline?
  • Can you follow another user?

Pentest Result

What we found

After running Nmap Vulnerability Scan Scripts we found that you have an SSH service running (port 22) that is vulnerable to several CVEs (CVE-2020-15778, CVE-2020-12062, CVE-2021-28041, CVE-2021-41617, CVE-2020-14145, CVE-2016-20012, and CVE-2021-36368). Some might be more interesting than others. The report gives links for each CVE:

| vulners:
| cpe:/a:openbsd:openssh:8.2p1:
| CVE-2020-15778 6.8 https://vulners.com/cve/CVE-2020-15778
| C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3 6.8 https://vulners.com/githubexploit/C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3 EXPLOIT
| 10213DBE-F683-58BB-B6D3-353173626207 6.8 https://vulners.com/githubexploit/10213DBE-F683-58BB-B6D3-353173626207 EXPLOIT
| CVE-2020-12062 5.0 https://vulners.com/cve/CVE-2020-12062
| CVE-2021-28041 4.6 https://vulners.com/cve/CVE-2021-28041
| CVE-2021-41617 4.4 https://vulners.com/cve/CVE-2021-41617
| CVE-2020-14145 4.3 https://vulners.com/cve/CVE-2020-14145
| CVE-2016-20012 4.3 https://vulners.com/cve/CVE-2016-20012
|_ CVE-2021-36368 2.6 https://vulners.com/cve/CVE-2021-36368
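
A triage helper for scan output in the format quoted above, added here as an example; it is not part of the original issue or the project's code, and the function names are hypothetical. The vulners script matches on the service's version banner (the cpe line), so the helper also returns that product and version, to be compared with the package actually installed on the host before any listed CVE is treated as confirmed.

```python
import re

# Excerpt of the vulners output quoted in the issue above, used as sample input.
SAMPLE = """\
| vulners:
| cpe:/a:openbsd:openssh:8.2p1:
| CVE-2020-15778 6.8 https://vulners.com/cve/CVE-2020-15778
| C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3 6.8 https://vulners.com/githubexploit/C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3 EXPLOIT
| CVE-2020-12062 5.0 https://vulners.com/cve/CVE-2020-12062
|_ CVE-2021-36368 2.6 https://vulners.com/cve/CVE-2021-36368
"""

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

def parse_vulners(text):
    """Return one dict per finding row, tagged with the CPE it was matched against."""
    findings, cpe = [], None
    for line in text.splitlines():
        body = re.sub(r"^\|_?\s*", "", line).strip()
        if body.startswith("cpe:/"):
            cpe = body.rstrip(":")          # version string the match is based on
            continue
        parts = body.split()
        if len(parts) < 3 or not parts[2].startswith("https://"):
            continue                        # header or unrelated script output
        try:
            score = float(parts[1])
        except ValueError:
            continue
        findings.append({
            "cpe": cpe, "id": parts[0], "score": score, "url": parts[2],
            "is_cve": bool(CVE_ID.match(parts[0])),
            # marker for a public exploit reference; may be wrapped in asterisks
            "exploit_ref": len(parts) > 3 and "EXPLOIT" in parts[3],
        })
    return findings

def triage(findings, threshold=6.0):
    """CVE ids to verify first: score at or above threshold, highest first."""
    cves = [f for f in findings if f["is_cve"] and f["score"] >= threshold]
    return [f["id"] for f in sorted(cves, key=lambda f: -f["score"])]

def banner_version(findings):
    """(product, version) pairs the scanner matched on."""
    return sorted({tuple(f["cpe"].split(":")[3:5]) for f in findings if f["cpe"]})

if __name__ == "__main__":
    rows = parse_vulners(SAMPLE)
    print(banner_version(rows), triage(rows))
```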
