From 042773c265da00e0bff4c9daa67e482f848414a2 Mon Sep 17 00:00:00 2001 From: adammeh Date: Fri, 29 Aug 2025 19:55:33 +0200 Subject: [PATCH 01/12] Presentation Proposal --- .../week2/adammeh-rifat/README.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 contributions/presentation/week2/adammeh-rifat/README.md diff --git a/contributions/presentation/week2/adammeh-rifat/README.md b/contributions/presentation/week2/adammeh-rifat/README.md new file mode 100644 index 0000000000..5b0ef81625 --- /dev/null +++ b/contributions/presentation/week2/adammeh-rifat/README.md @@ -0,0 +1,26 @@ +# Assignment Proposal + +## Title + + - Ariane flight V88 Failure: Highlighting the Value of Continuous Integration and Automated Testing + +## Names and KTH ID + + - Adam Mehdi (adammeh@kth.se) + - Rifat Kazi (rifat@kth.se) + +## Deadline + + - Week 2 + +## Category + + - Presentation + +## Description + +We will explore the Ariane Flight V88 incident from June 1996, examining the software failure that caused the rocket to self-destruct. The presentation will focus on how continuous integration and automated testing could have detected and prevented the issue. + +**Relevance** + +The Ariane V88 failure illustrates the risks of software reuse without adequate testing. Continuous integration and automated testing could have caught the critical bug before launch, demonstrating the importance of DevOps practices in preventing critical software failures. From 778e2d8a686d40b437888aa7c542f014e20a9e92 Mon Sep 17 00:00:00 2001 From: adammeh Date: Sun, 7 Sep 2025 21:30:50 +0200 Subject: [PATCH 02/12] week 3, demo proposal --- .../demo/week3/adammeh-rifat/README.md | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 contributions/demo/week3/adammeh-rifat/README.md diff --git a/contributions/demo/week3/adammeh-rifat/README.md b/contributions/demo/week3/adammeh-rifat/README.md new file mode 100644 index 0000000000..ff128a9fe3 --- /dev/null +++ b/contributions/demo/week3/adammeh-rifat/README.md @@ -0,0 +1,32 @@ +# Assignment Proposal + +## Title + +- Demo: How to easily deploy Docker images to Amazon AWS using GitHub Actions and Docker Hub + +## Names and KTH ID + +- Adam Mehdi (adammeh@kth.se) +- Rifat Kazi (rifat@kth.se) + +## Deadline + +- Week 3 + +## Category + +- Demo + +## Description + +We will demonstrate how to build, package, and deploy a Dockerized application to Amazon AWS using GitHub Actions and Docker Hub. The demo will cover the complete CI/CD pipeline: +1. Building a Docker image from source code. +2. Pushing the image to Docker Hub as a registry. +3. Using GitHub Actions workflows to automate testing, building, and deployment. +4. Deploying the container to an AWS service EC2. + +The focus will be on showing how automation reduces manual effort, ensures consistency, and improves reliability in software delivery. + +## Relevance + +This topic highlights core DevOps practices by demonstrating the integration of **continuous integration** (automated building and testing) with **continuous delivery/deployment** (automated shipping to production). By leveraging GitHub Actions and Docker Hub, developers can streamline their workflows and reduce deployment risks. The demo illustrates how CI/CD pipelines are essential for modern DevOps teams to achieve faster feedback cycles, scalability, and resilience in cloud-native environments. \ No newline at end of file From 220d2256edf99b594955f8598dcae823f6efb648 Mon Sep 17 00:00:00 2001 From: adammeh Date: Sun, 7 Sep 2025 21:44:05 +0200 Subject: [PATCH 03/12] fix proposal --- contributions/demo/week3/adammeh-rifat/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contributions/demo/week3/adammeh-rifat/README.md b/contributions/demo/week3/adammeh-rifat/README.md index ff128a9fe3..d91e1794cb 100644 --- a/contributions/demo/week3/adammeh-rifat/README.md +++ b/contributions/demo/week3/adammeh-rifat/README.md @@ -2,20 +2,20 @@ ## Title -- Demo: How to easily deploy Docker images to Amazon AWS using GitHub Actions and Docker Hub + - Demo: How to easily deploy Docker images to Amazon AWS using GitHub Actions and Docker Hub ## Names and KTH ID -- Adam Mehdi (adammeh@kth.se) -- Rifat Kazi (rifat@kth.se) + - Adam Mehdi (adammeh@kth.se) + - Rifat Kazi (rifat@kth.se) ## Deadline -- Week 3 + - Week 3 ## Category -- Demo + - Demo ## Description From 17eb170d2b25fa9f0594c772a6dd12ef67a20e25 Mon Sep 17 00:00:00 2001 From: adammeh Date: Sun, 7 Sep 2025 21:46:12 +0200 Subject: [PATCH 04/12] fix proposal --- contributions/demo/week3/adammeh-rifat/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contributions/demo/week3/adammeh-rifat/README.md b/contributions/demo/week3/adammeh-rifat/README.md index d91e1794cb..b4546d0299 100644 --- a/contributions/demo/week3/adammeh-rifat/README.md +++ b/contributions/demo/week3/adammeh-rifat/README.md @@ -27,6 +27,6 @@ We will demonstrate how to build, package, and deploy a Dockerized application t The focus will be on showing how automation reduces manual effort, ensures consistency, and improves reliability in software delivery. -## Relevance +**Relevance** This topic highlights core DevOps practices by demonstrating the integration of **continuous integration** (automated building and testing) with **continuous delivery/deployment** (automated shipping to production). By leveraging GitHub Actions and Docker Hub, developers can streamline their workflows and reduce deployment risks. The demo illustrates how CI/CD pipelines are essential for modern DevOps teams to achieve faster feedback cycles, scalability, and resilience in cloud-native environments. \ No newline at end of file From 9a36cd70b81920eb30cc8a068e9aed7bdbc7a5b6 Mon Sep 17 00:00:00 2001 From: adammeh Date: Sun, 14 Sep 2025 17:53:32 +0200 Subject: [PATCH 05/12] feedback proposal --- .../feedback/adammeh-oarbman/README.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 contributions/feedback/adammeh-oarbman/README.md diff --git a/contributions/feedback/adammeh-oarbman/README.md b/contributions/feedback/adammeh-oarbman/README.md new file mode 100644 index 0000000000..1fb86cda5c --- /dev/null +++ b/contributions/feedback/adammeh-oarbman/README.md @@ -0,0 +1,22 @@ +# Assignment Proposal + +## Title + + - Feedback on Week 4 Presentation: Prediction-based Anomaly Detection using AIOps + +## Names and KTH ID + + - Adam Mehdi (adammeh@kth.se) + - Oscar Arbman (oarbman@kth.se) + +## Deadline + + - Task 2 + +## Category + + - Feedback + +## Description + +We would like to review the presentation #2781 and give feedback on it. \ No newline at end of file From 7b0d45fca4ef4b6430d6f924168d4261653f2e9b Mon Sep 17 00:00:00 2001 From: adammeh Date: Thu, 18 Sep 2025 17:28:45 +0200 Subject: [PATCH 06/12] executable tutorial proposal --- .../adammeh-xzuo/README.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 contributions/executable-tutorial/adammeh-xzuo/README.md diff --git a/contributions/executable-tutorial/adammeh-xzuo/README.md b/contributions/executable-tutorial/adammeh-xzuo/README.md new file mode 100644 index 0000000000..630ffc6bbc --- /dev/null +++ b/contributions/executable-tutorial/adammeh-xzuo/README.md @@ -0,0 +1,30 @@ +# Assignment Proposal + +## Title + + - Chaos Engineering with Kubernetes: Simulating Pod Failures using LitmusChaos + +## Names and KTH ID + + - Adam Mehdi (adammeh@kth.se) + - Xu Zuo (xzuo@kth.se) + +## Deadline + + - Task 2 + +## Category + + - Executable tutorial + +## Description + +In this tutorial, we will demonstrate Chaos Engineering on a Kubernetes cluster using the open-source framework LitmusChaos. The tutorial will guide learners to: +1. Deploy a sample application in Kubernetes. +2. Install LitmusChaos in the cluster. +3. Run a pod-delete experiment to simulate random pod failures. +4. Observe service recovery. + +**Relevance** + +In DevOps, ensuring the high availability and resilience of services is crucial. Chaos Engineering provides a structured way to verify that systems behave as expected under failure conditions. By running controlled chaos experiments, teams can uncover vulnerabilities before they affect real users. \ No newline at end of file From 59a7ed62251335e736279a272e1a9554e2b521c0 Mon Sep 17 00:00:00 2001 From: adammeh Date: Sun, 21 Sep 2025 12:13:21 +0200 Subject: [PATCH 07/12] update tutorial proposal --- .../executable-tutorial/adammeh-xzuo/README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/contributions/executable-tutorial/adammeh-xzuo/README.md b/contributions/executable-tutorial/adammeh-xzuo/README.md index 630ffc6bbc..094ca0abac 100644 --- a/contributions/executable-tutorial/adammeh-xzuo/README.md +++ b/contributions/executable-tutorial/adammeh-xzuo/README.md @@ -19,12 +19,15 @@ ## Description -In this tutorial, we will demonstrate Chaos Engineering on a Kubernetes cluster using the open-source framework LitmusChaos. The tutorial will guide learners to: -1. Deploy a sample application in Kubernetes. -2. Install LitmusChaos in the cluster. +In this tutorial, we will demonstrate Chaos Engineering on a Kubernetes cluster. The tutorial will guide learners to: +1. Deploy a sample backend application in Kubernetes. +2. Expose the backend with a Kubernetes Service. 3. Run a pod-delete experiment to simulate random pod failures. 4. Observe service recovery. **Relevance** -In DevOps, ensuring the high availability and resilience of services is crucial. Chaos Engineering provides a structured way to verify that systems behave as expected under failure conditions. By running controlled chaos experiments, teams can uncover vulnerabilities before they affect real users. \ No newline at end of file +In DevOps, ensuring the high availability and resilience of services is crucial. Chaos Engineering provides a structured way to verify that systems behave as expected under failure conditions. By running controlled chaos experiments, teams can uncover vulnerabilities before they affect real users. + + +This tutorial is hosted on killercoda: https://killercoda.com/devops-tutorial-task2/scenario/pod-failure \ No newline at end of file From bcf790333e6ff3a76ecbed3978eada8e827b1fe8 Mon Sep 17 00:00:00 2001 From: adammeh Date: Wed, 24 Sep 2025 10:20:16 +0200 Subject: [PATCH 08/12] Scientific Paper Proposal --- .../week6/adammeh-birgerk/README.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 contributions/scientific-paper/week6/adammeh-birgerk/README.md diff --git a/contributions/scientific-paper/week6/adammeh-birgerk/README.md b/contributions/scientific-paper/week6/adammeh-birgerk/README.md new file mode 100644 index 0000000000..5a03712450 --- /dev/null +++ b/contributions/scientific-paper/week6/adammeh-birgerk/README.md @@ -0,0 +1,26 @@ +# Assignment Proposal + +## Title + + - The Seven Sins: Security Smells in Infrastructure as Code Scripts + +## Names and KTH ID + + - Adam Mehdi (adammeh@kth.se) + - Birger Karlsson (birgerk@kth.se) + +## Deadline + + - Week 6 + +## Category + + - Scientific Paper + +## Description + +We intend to present the paper "The Seven Sins: Security Smells in Infrastructure as Code Scripts" published in "2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)". The paper looks into security flaws in infrastructure as code (IaC) scripts. The process that the paper follows is that they apply qualitative analysis on Iac Scripts before using a static analysis tool to identify any security smells. They then proceed to submit bug reports on the security smells that they find. + +**Relevance** + +This paper is relevant to DevSecOps as it ensures security through qualitative analysis to identify "security smells", being common patterns for security weaknesses. This is relevant and important to avoid writing code that follows such risky patterns while writing IaC scripts. \ No newline at end of file From 68fd65e2fee46e7f855b9f425cbf2d63b859e1ac Mon Sep 17 00:00:00 2001 From: adammeh Date: Wed, 24 Sep 2025 10:31:58 +0200 Subject: [PATCH 09/12] Update README.md --- contributions/executable-tutorial/adammeh-xzuo/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contributions/executable-tutorial/adammeh-xzuo/README.md b/contributions/executable-tutorial/adammeh-xzuo/README.md index 094ca0abac..13a65debef 100644 --- a/contributions/executable-tutorial/adammeh-xzuo/README.md +++ b/contributions/executable-tutorial/adammeh-xzuo/README.md @@ -30,4 +30,5 @@ In this tutorial, we will demonstrate Chaos Engineering on a Kubernetes cluster. In DevOps, ensuring the high availability and resilience of services is crucial. Chaos Engineering provides a structured way to verify that systems behave as expected under failure conditions. By running controlled chaos experiments, teams can uncover vulnerabilities before they affect real users. -This tutorial is hosted on killercoda: https://killercoda.com/devops-tutorial-task2/scenario/pod-failure \ No newline at end of file +Link to killercoda tutorial: https://killercoda.com/devops-tutorial-task2/scenario/pod-failure +Link to github repo: https://github.com/adammeh/chaos-engineering-tutorial \ No newline at end of file From 7ffada7ada729e5d2d9505c200ad326f3286c003 Mon Sep 17 00:00:00 2001 From: adammeh Date: Wed, 24 Sep 2025 10:33:46 +0200 Subject: [PATCH 10/12] fix --- contributions/executable-tutorial/adammeh-xzuo/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/contributions/executable-tutorial/adammeh-xzuo/README.md b/contributions/executable-tutorial/adammeh-xzuo/README.md index 13a65debef..094ca0abac 100644 --- a/contributions/executable-tutorial/adammeh-xzuo/README.md +++ b/contributions/executable-tutorial/adammeh-xzuo/README.md @@ -30,5 +30,4 @@ In this tutorial, we will demonstrate Chaos Engineering on a Kubernetes cluster. In DevOps, ensuring the high availability and resilience of services is crucial. Chaos Engineering provides a structured way to verify that systems behave as expected under failure conditions. By running controlled chaos experiments, teams can uncover vulnerabilities before they affect real users. -Link to killercoda tutorial: https://killercoda.com/devops-tutorial-task2/scenario/pod-failure -Link to github repo: https://github.com/adammeh/chaos-engineering-tutorial \ No newline at end of file +This tutorial is hosted on killercoda: https://killercoda.com/devops-tutorial-task2/scenario/pod-failure \ No newline at end of file From 84e79d482c620aacce2a5819e0cefa4dfef97352 Mon Sep 17 00:00:00 2001 From: adammeh Date: Wed, 24 Sep 2025 16:45:41 +0200 Subject: [PATCH 11/12] Scientific Paper Proposal --- .../scientific-paper/week6/adammeh-birgerk/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/contributions/scientific-paper/week6/adammeh-birgerk/README.md b/contributions/scientific-paper/week6/adammeh-birgerk/README.md index 5a03712450..61ca03bbbd 100644 --- a/contributions/scientific-paper/week6/adammeh-birgerk/README.md +++ b/contributions/scientific-paper/week6/adammeh-birgerk/README.md @@ -19,8 +19,10 @@ ## Description -We intend to present the paper "The Seven Sins: Security Smells in Infrastructure as Code Scripts" published in "2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)". The paper looks into security flaws in infrastructure as code (IaC) scripts. The process that the paper follows is that they apply qualitative analysis on Iac Scripts before using a static analysis tool to identify any security smells. They then proceed to submit bug reports on the security smells that they find. +We intend to present the paper "Control and Data Flow in Security Smell Detection for Infrastructure as Code: Is It Worth the Effort?" published in "2023 IEEE/ACM". This paper investigates the detection of security smells—bad practices that may lead to vulnerabilities—in IaC scripts. The authors propose GASEL, a detector based on Program Dependence Graphs (PDGs). Security smells are identified using graph queries over these PDGs. Additionally, the paper conducts an evaluation on a curated oracle of 243 real-world smells and a dataset of 15,000+ Ansible scripts. + +Paper link: https://ieeexplore.ieee.org/abstract/document/10174011 **Relevance** -This paper is relevant to DevSecOps as it ensures security through qualitative analysis to identify "security smells", being common patterns for security weaknesses. This is relevant and important to avoid writing code that follows such risky patterns while writing IaC scripts. \ No newline at end of file +This paper is relevant to DevSecOps as it ensures security by addressing "security smells" in IaC, being common patterns for security flaws. This is relevant and important to avoid writing insecure code that follows such risky patterns while writing IaC scripts. \ No newline at end of file From 40db8a20f7e559a651f7ff3631362bacc8a92f9f Mon Sep 17 00:00:00 2001 From: adammeh Date: Wed, 24 Sep 2025 16:46:20 +0200 Subject: [PATCH 12/12] fix title --- contributions/scientific-paper/week6/adammeh-birgerk/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contributions/scientific-paper/week6/adammeh-birgerk/README.md b/contributions/scientific-paper/week6/adammeh-birgerk/README.md index 61ca03bbbd..368605eae3 100644 --- a/contributions/scientific-paper/week6/adammeh-birgerk/README.md +++ b/contributions/scientific-paper/week6/adammeh-birgerk/README.md @@ -2,7 +2,7 @@ ## Title - - The Seven Sins: Security Smells in Infrastructure as Code Scripts + - Control and Data Flow in Security Smell Detection for Infrastructure as Code: Is It Worth the Effort? ## Names and KTH ID