Deploying DevSecOps Application Lifecycle Management by using IBM Cloud projects

Before you begin

Make sure that you complete the prerequisites in the planning topics:

• Prerequisites for provisioning DevSecOps toolchains by using the Terraform script
• Prerequisites for provisioning DevSecOps toolchain operations

Adding to a project

1. Go to the DevSecOps Application Lifecycle Management catalog entry in the IBM Cloud catalog.
2. Select the latest product version in the Architecture section.
3. Select a variation, if more than one is available.
4. Agree to the terms and conditions on the Overview page and click Review deployment options.
5. Select the Add to project deployment type in Deployment options, and then click Add to project.
6. Name your project, enter a description, and specify a configuration name. Click Create.

Configuring the deployable architecture

You are now ready to configure the security, required variables, and optional variables.

1. In the Configure section, select your authentication method. You can use an existing secret in Secrets Manager or add your API key directly. For more information, see Using an API key or secret to authorize a project to deploy an architecture.

2. In the Required tab, enter values for required fields. In many cases, you can use the default option. For more information about required fields, see Required input variables.

   Table 1. List of required values for deployment

   Required value	Action	Example
   toolchain_name	Enter the prefix name for the toolchain. The toolchain name is appended with CI Toolchain, CD Toolchain, or CC Toolchain followed by a timestamp.	DevSecOps
   toolchain_region	Enter the region identifier that is used, by default, for all resource creation and service instance lookup.	us-south
   toolchain_resource_group	Enter the resource group that is used, by default, for all resource creation and service instance lookups. If you have more than one resource group in your account, choose a group. If not, you can use the default.	Default
   registry_namespace	Enter the namespace of the registry within the IBM Cloud Container Registry region where the application image is stored. Namespaces need to be unique in the region that you selected.	myregistry_free
   cluster_name	Enter the name of the Kubernetes cluster that you already created. The assumption is that it is in the resource group you selected. You can modify this in Advanced options.	mycluster_free
   sm_location	Enter the region location of the Secrets Manager instance that you previously set up.	us-south
   sm_name	Enter the name of the Secrets Manager instance that you previously set up.	sm-instance
   sm_resource_group	Enter the resource group that contains the Secrets Manager instance that you previously set up.	Default
   sm_secret_group	Enter the group in Secrets Manager instance that you previously set up for organizing or grouping secrets.	Default

   Table 1. List of required values for deployment

   Required value	Action	Example
   toolchain_name	Enter the prefix name for the toolchain. The toolchain name is appended with CI Toolchain, CD Toolchain, or CC Toolchain followed by a timestamp.	DevSecOps
   toolchain_region	Enter the region identifier that is used, by default, for all resource creation and service instance lookup.	us-south
   toolchain_resource_group	Enter the resource group that is used, by default, for all resource creation and service instance lookups. If you have more than one resource group in your account, choose a group. If not, you can use the default.	Default
   registry_namespace	Enter the namespace of the registry within the IBM Cloud Container Registry region where the application image is stored. Namespaces need to be unique in the region that you selected.	myregistry_free
   ci_code_engine_project	The name of the Code Engine project to use for the CI pipeline build. The project is created if it does not already exist.	Sample_CI_Project
   cd_code_engine_project	The name of the Code Engine project to use for the CD pipeline promoted code. The project is created if it does not already exist.	Sample_CD_Project
   sm_location	Enter the region location of the Secrets Manager instance that you previously set up.	us-south
   sm_name	Enter the name of the Secrets Manager instance that you previously set up.	sm-instance
   sm_resource_group	Enter the resource group that contains the Secrets Manager instance that you previously set up.	Default
   sm_secret_group	Enter the group in Secrets Manager instance that you previously set up for organizing or grouping secrets.	Default

3. Optional: Specify other values from the Optional tab. For more information about optional values, see Optional input variables.

4. Click Save.

Validating and deploying the deployable architecture

Now that you saved the configuration, you can validate and deploy the deployable architecture.

1. Click Validate and wait for validation to complete. Validation takes a few minutes.

   IBM Cloud projects run a Code Risk Analyzer scan that includes a set of Security and Compliance Center goals. Controls that are part of the deployable architecture and supported by IBM Cloud projects are checked. Any extra controls that are not included in the list of supported Security and Compliance Center goals are not checked when you validate the configuration.

   If the validation fails because of the Code Risk Analyzer scan, you can troubleshoot the failure.

2. Click Deploy after the validation succeeds. Deployment can take more than an hour. You are notified when the deployment is successful.

3. Copy the website URL that the Output tab populates and paste it into your browser to view the website that is created from your configuration.

During the validation and deployment process, monitor the needs attention items. The widget reflects any issue that occurs in your configurations.