Alexis Nieves - DevOps Engineer | Contra

Work by Alexis Nieves

Senior DevOps/SRE | AWS, Kubernetes & Terraform Expert

Comparing AWS ECS and AWS EKS for Container Orchestration
Implementing Additional Checks for AWS Security
Designed and developed a Command Line Interface (CLI) security tool that leverages the Google Gemini API (gemini-2.5-flash) to perform advanced, AI-driven vulnerability analysis on Python codebases. This tool acts as an automated security engineer, scanning source code to detect critical flaws before they reach production.

The scanner parses Python files and evaluates them against a detailed security prompt to identify vulnerabilities such as SQL injection, hardcoded secrets (API keys and database passwords), weak cryptography (e.g., MD5 hashing), insecure deserialization, and improper input validation. It outputs a structured, color-coded terminal report assigning severity ratings (🔴 High, 🟠 Medium, 🟢 Low) to each finding. For every detected issue, the tool provides the vulnerability type, the exact line number, a concise explanation of the risk and potential impact, and actionable remediation advice with secure code fixes.

The architecture is built on a lightweight Python foundation using a virtual environment for dependency isolation. It utilizes the google-generativeai SDK for model interaction and python-dotenv for secure environment variable management, ensuring API keys are never hardcoded. This project demonstrates the ability to integrate cutting-edge Large Language Models (LLMs) into traditional DevSecOps workflows, providing enterprise-grade security scanning capabilities directly within the developer's terminal.
Architected and implemented a production-grade, fully automated DevOps platform on AWS, covering the entire software delivery lifecycle from code commit to live deployment.

The platform integrates eight tightly coupled layers: a developer workflow built on Git, Docker Compose, and pull requests; a GitHub Actions CI/CD pipeline with dedicated workflows for continuous integration, deployment, Terraform provisioning, security scanning, and semantic releases; and a multi-tool security gate enforcing SAST, SCA, IaC scanning, container analysis, OWASP ZAP, and CodeQL checks before any artifact progresses.

Infrastructure is provisioned as code using Terraform, deploying a multi-AZ VPC, an EKS cluster, ECR repositories, RDS MySQL, an ALB with WAF, and IAM OIDC integration on AWS. Applications are packaged with Helm Umbrella Charts and deployed to Kubernetes with Horizontal Pod Autoscaling (2–8 replicas) and RBAC-enforced NetworkPolicies. GitOps state management is handled by ArgoCD, providing continuous reconciliation, drift detection, auto-sync, and self-healing across all application sets.

Observability is delivered through a dual-stack setup: a metrics pipeline (Prometheus → Grafana → Alertmanager → Slack) and a log aggregation pipeline (Filebeat → Logstash → Elasticsearch → Kibana). Releases are fully automated using Semantic Release with Conventional Commits, producing versioned GitHub Releases and Docker image tags without manual intervention.