CI/CD Overview

Welcome to the CI/CD documentation for Kestrel. This guide covers advanced reporting capabilities, continuous integration workflows, and enterprise-grade automation features.

📋 Table of Contents

  1. Overview
  2. HTML Reporting with Charts
  3. CI/CD Integration
  4. Report Filtering & Customization
  5. Enterprise Features
  6. Implementation Examples
  7. Quick Start

🎯 Overview

The Enhanced Reporting & CI/CD Integration feature set provides:

  • Interactive HTML Reports with charts and graphs
  • Multi-format Output (HTML, JSON, SARIF, PDF, CSV)
  • GitHub Actions Workflows for automated security scanning
  • Enterprise CI/CD Templates for various platforms
  • Advanced Report Filtering and customization options
  • Compliance Dashboard with real-time metrics

📊 HTML Reporting with Charts

Key Features

  • Interactive Charts: Severity distribution, compliance scores, trend analysis
  • Responsive Design: Works on desktop, tablet, and mobile devices
  • Multiple Themes: Light, dark, and corporate themes
  • Export Options: PDF generation, PNG chart export
  • Real-time Filtering: Filter findings by severity, framework, or file type

Quick Example

# Generate HTML report with charts
kestrel scan --path . \
--html \
--output security-report.html \
--html-charts \
--html-theme light \
--frameworks fips_140_3,pci_dss_4

Chart Types Available

  1. Severity Distribution - Pie chart showing findings by severity level
  2. Compliance Scores - Bar chart showing framework compliance percentages
  3. Language Breakdown - Donut chart showing findings by programming language
  4. Trend Analysis - Line chart showing security improvements over time
  5. Framework Comparison - Radar chart comparing compliance across frameworks

🔄 CI/CD Integration

Supported Platforms

  • GitHub Actions - Native integration with GitHub Security tab
  • GitLab CI - SAST report integration and pipeline automation
  • Jenkins - Pipeline DSL templates and build automation
  • Azure DevOps - Azure Boards integration and artifact publishing
  • CircleCI - Workflow automation and artifact storage

GitHub Actions Quick Setup

Note: Kestrel does not ship workflow files in .github/workflows. Use the template below.

# .github/workflows/security-scan.yml
name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Kestrel
        run: |
          curl -L https://github.com/harekrishnarai/kestrel/releases/latest/download/kestrel-linux-amd64 -o kestrel
          chmod +x kestrel
          python3 -m pip install semgrep
          ./kestrel scan --path . --sarif --output results.sarif
      - name: Upload to GitHub Security
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif

Features

  • SARIF 2.1.0 Support - Native integration with security platforms
  • Policy Enforcement - Fail builds on critical violations
  • Artifact Publishing - Store reports as build artifacts
  • PR Comments - Automated security comments on pull requests
  • Badge Generation - Compliance badges for README files

🎛️ Report Filtering & Customization

Filtering Options

  • Severity Levels: Filter by critical, high, medium, or low severity
  • Compliance Frameworks: Focus on specific standards (FIPS, PCI DSS, SOX)
  • File Types: Include/exclude specific programming languages
  • Custom Rules: Apply organization-specific security policies
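The Policy Enforcement feature listed under CI/CD Integration (fail the build on critical findings) and the severity filter above can be reproduced on platforms without native SARIF support by gating on the `results.sarif` that `kestrel scan --sarif` writes. The script below is an added example, not part of Kestrel; it assumes findings carry the standard SARIF `level` field and, optionally, a GitHub-style `security-severity` score on the rule, and its sample SARIF document, rule ids and paths are constructed for the demo.

```python
import json, sys

# Constructed sample in SARIF 2.1.0 shape; rule ids, paths and scores are invented, not Kestrel output.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "kestrel", "rules": [
        {"id": "crypto-md5", "properties": {"security-severity": "9.1"}},
        {"id": "weak-rsa-key", "properties": {"security-severity": "7.5"}},
        {"id": "tls-verify-off"}]}},
    "results": [
        {"ruleId": "crypto-md5", "level": "error", "message": {"text": "MD5 used for hashing"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hash.go"},
                                             "region": {"startLine": 42}}}]},
        {"ruleId": "weak-rsa-key", "level": "warning", "message": {"text": "1024-bit RSA key"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/keys.py"}}}]},
        {"ruleId": "tls-verify-off", "level": "note", "message": {"text": "TLS verification disabled"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/client.js"}}}]}]}]}

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

def severity_of(result, rules):
    # Assumed fields: a 0-10 `security-severity` score on the rule wins; otherwise map SARIF `level`.
    score = rules.get(result.get("ruleId"), {}).get("properties", {}).get("security-severity")
    if score is not None:
        return next(n for n, t in (("critical", 9.0), ("high", 7.0), ("medium", 4.0), ("low", 0.0))
                    if float(score) >= t)
    return {"error": "high", "warning": "medium", "note": "low"}.get(result.get("level"), "medium")

def load_findings(sarif):
    # Flatten every run's results into plain dicts with a normalised severity.
    findings = []
    for run in sarif.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({"rule": res.get("ruleId"), "severity": severity_of(res, rules),
                             "file": loc.get("artifactLocation", {}).get("uri", "?"),
                             "line": loc.get("region", {}).get("startLine", "?"),
                             "message": res.get("message", {}).get("text", "")})
    return findings

def gate(findings, min_severity="medium", fail_on="critical"):
    # Keep findings at or above min_severity (like --min-severity); fail if any reaches fail_on.
    kept = [f for f in findings if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[min_severity]]
    return kept, any(SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[fail_on] for f in kept)

if __name__ == "__main__":
    sarif = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SARIF
    kept, fail = gate(load_findings(sarif))
    for f in kept:
        print(f"{f['severity']:<8} {f['rule']:<16} {f['file']}:{f['line']}  {f['message']}")
    sys.exit(1 if fail else 0)
```

Run it as `python3 sarif_gate.py results.sarif` right after the scan step; the non-zero exit status is what makes a Jenkins, CircleCI or GitLab job fail the pipeline.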

Customization Features

  • Branded Reports: Add company logos and styling
  • Custom Themes: Create organization-specific visual themes
  • Report Metadata: Add titles, descriptions, and version information
  • Executive Summaries: High-level views for management stakeholders

Example Configuration

# kestrel-config.yaml
scan:
  frameworks: [fips_140_3, pci_dss_4]
  min_severity: medium
  include_patterns: ["*.go", "*.py", "*.js"]
  exclude_patterns: ["*_test.go", "node_modules/**"]

html:
  theme: corporate
  enable_charts: true
  custom_logo: "company-logo.png"

report:
  title: "Q1 2024 Security Assessment"
  description: "Quarterly cryptographic compliance review"

🏢 Enterprise Features

Security Platform Integration

  • Splunk - SIEM integration with custom dashboards
  • QRadar - Event correlation and threat detection
  • Elastic Stack - Centralized logging and analytics
  • ServiceNow - Incident management integration

Enterprise Authentication

  • SAML 2.0 - Single sign-on integration
  • LDAP/Active Directory - Enterprise user management
  • OAuth 2.0 - Modern authentication protocols
  • Role-Based Access Control - Granular permission management

Compliance Automation

  • SOX Controls - Financial regulation compliance
  • HIPAA - Healthcare data protection
  • GDPR - European privacy regulation
  • Custom Frameworks - Organization-specific policies

💡 Implementation Examples

Banking Application

# Multi-framework compliance scan for banking
./kestrel scan \
--path . \
--frameworks fips_140_3,pci_dss_4,sox_crypto \
--min-severity high \
--html \
--output banking-compliance.html \
--report-title "Banking Security Assessment"

Healthcare System

# HIPAA compliance with PHI protection focus
./kestrel scan \
--path src/patient-data/ \
--frameworks hipaa_crypto,fips_140_3 \
--html \
--output hipaa-compliance.html \
--html-theme medical

E-commerce Platform

# PCI DSS compliance for payment processing
./kestrel scan \
--path src/payments/ \
--frameworks pci_dss_4 \
--min-severity critical \
--fail-on-critical \
--sarif \
--output payment-security.sarif

🚀 Quick Start

1. Basic Security Scan

# Download and run basic scan
curl -L https://github.com/harekrishnarai/kestrel/releases/latest/download/kestrel-linux-amd64 -o kestrel
chmod +x kestrel
python3 -m pip install semgrep
./kestrel scan --path . --html --output security-report.html

2. GitHub Actions Integration

  1. Create .github/workflows/security-scan.yml with the template above
  2. Commit and push to your repository
  3. Check the Actions tab for scan results
  4. View security findings in the Security tab

3. Advanced HTML Report

# Generate comprehensive report with all features
./kestrel scan \
--path . \
--frameworks fips_140_3,pci_dss_4 \
--html \
--html-charts \
--html-theme corporate \
--output comprehensive-report.html \
--report-title "Security Assessment Report" \
--report-description "Comprehensive cryptographic security analysis"

4. Professional PDF Report

# Generate professional PDF report
./kestrel scan \
--path . \
--frameworks fips_140_3,pci_dss_4 \
--pdf \
--output security-assessment.pdf \
--pdf-title "Q1 2024 Security Assessment" \
--pdf-description "Comprehensive Cryptographic Compliance Review" \
--pdf-company "ACME Corporation Security Team" \
--pdf-theme corporate

📚 Documentation Structure

docs/ci-cd/
├── README.md # This overview document
├── integration-guide.md # Detailed CI/CD platform integration
├── filtering-customization.md # Report filtering and customization
├── enterprise-integration.md # Enterprise features and SSO
└── implementation-examples.mdx # Real-world use cases and templates

🆘 Support and Troubleshooting

Common Issues

  1. Semgrep Installation: Ensure Python 3.7+ and pip are available
  2. Memory Usage: Use --parallel-workers to limit resource consumption
  3. Network Access: Ensure connectivity to GitHub and Semgrep rule repositories
  4. File Permissions: Verify Kestrel binary has execute permissions

Getting Help

🎉 Success Examples

Real-World Results

  • 33 Security Findings detected across Go, Python, JavaScript, and Java
  • Multi-format Reports generated (HTML with charts, JSON, SARIF)
  • GitHub Actions Integration with automatic SARIF upload
  • Compliance Scoring across FIPS 140-3 and PCI DSS frameworks
  • Interactive Dashboards with Chart.js visualizations

Report Features Delivered

  • HTML Reports with responsive Bootstrap design
  • Interactive Charts using Chart.js library
  • Multiple Themes (light, dark, corporate)
  • SARIF 2.1.0 integration with GitHub Security
  • GitHub Actions workflows for automation
  • Report Filtering by severity and framework
  • Enterprise Templates for various CI/CD platforms

For detailed implementation guides and advanced configurations, explore the individual documentation files in this directory.