Article

Designing a DevSecOps GitHub Actions Pipeline for .NET: Quality, SAST, SCA, Signing, and DAST

A practical .NET DevSecOps GitHub Actions design that splits CI and CD, layers quality gates, local Husky hooks, Checkov, Semgrep, CodeQL, optional Sonar, Microsoft Testing Platform coverage with Cobertura and Coveralls, SBOM generation, Cosign signing, provenance attestation, automatic main-to-dev deployment, tag-to-staging promotion, and manual-gated production release with smoke, k6, and ZAP validation.

Mehdi Hadeli

Software Architecture

Read