Client: Public Sector Portal (India)
Tools: Jenkins, SonarQube, AquaSec, Checkov, Fortify
Challenge:
High security risks during code deployments; manual scans delayed go-live timelines.
Solution:
- Designed a secure SDLC integrating SAST, DAST, and container image scanning
- Enabled Jenkins pipelines with integrated SonarQube and Checkov
- Used AquaSec to scan Docker images; enforced quality gates for promotion
- Deployed signed artifacts to a secure Nexus repository
- Integrated Slack and email-based alerting for security violations
Outcome:
Reduced security vulnerability exposure by 60%. Passed stringent compliance audits (CERT-In, OWASP Top 10).