CloudOpsConsole

pipeline & defense

Approval gates. Digest-pinned. Zero-downtime.

GitHub Actions → cosign → trivy → manual approval → kubectl rollout. Then verify, or roll back.

pipeline · 11 stages

Every commit, the same gauntlet.

GitHub Actions runs the full chain on every PR. The same workflow is what deploys to prod.

PR · GitHub → Lint · eslint → Test · vitest → Build · next + tsc → Sign · cosign → Scan · trivy → Plan · terraform → Approve · OIDC env → Deploy · kubectl → Verify · /ready → Rollback · auto

security posture · live

Six layers. One source of truth.

| Layer | Control | Source |
|---|---|---|
| Identity | Cognito + JWKS verify | docs/adr/016-auth-jwt.md |
| Tenancy | Postgres RLS · force | apps/order-api/migrations/003_rls.sql |
| Transport | HSTS · CSP · COOP/CORP | apps/storefront/next.config.ts |
| Secrets | Secrets Mgr + IRSA | apps/order-api/k8s/deployment.yaml |
| Supply chain | Cosign + Trivy + Gatekeeper | docs/adr/020-supply-chain.md |
| Observability | OTel · 3 signals · SLO | modules/observability/ |