No. 40 · Cloud · DevSecOps
Seven security tools.
One folder.
Zero system pollution.
Most DevSecOps stacks ask for a clean machine, an admin password, and an afternoon. This toolkit asks for a folder. Run it. Use it. Delete it. Your registry never knew it was there.
Act I · The Problem
"Just install our DevSecOps stack." Famous last words.
A one-line install promise hides a two-day reality: PATH variables that never recover, services that auto-start at boot, registry keys you can't find, and a machine that refuses to feel clean again.
The usual experience
- Each tool ships its own installer with admin rights
- Java versions collide. PATH gets polluted.
- Services register globally and auto-start at boot
- Uninstall scripts leave orphan files in three directories
- Two days lost before the first scan runs
This toolkit
- Each tool lives in its own folder, with its own JDK
- Install, start, stop, scan, destroy · from one menu
- Nothing on PATH, no service registration, no boot start
- Delete the folder. The machine is clean again.
- Double-click the .bat. Pick a tool. Go.
Act II · The Promise
A single menu. Seven enterprise tools.
No SaaS subscriptions. No Docker required. No "shared services" team blocking your PR. Production-grade SAST, DAST, secrets management, monitoring · all running from your own folder, owned by your own filesystem, scanned by you.
╔══════════════════════════════════════════════════════════════════════════╗
║                        DEVOPS · DEVSECOPS TOOLKIT                         ║
╠══════════════════════════════════════════════════════════════════════════╣
║ [1] SonarQube           Static Code & Vulnerability Analysis              ║
║ [2] Jenkins             CI / CD Automation Server                         ║
║ [3] Trivy               Container & Image Vulnerability Scanner           ║
║ [4] OWASP ZAP           Dynamic Application Security Testing              ║
║ [5] Grafana + PrometheusMetrics, Monitoring & Alerting                    ║
║ [6] HashiCorp Vault     Secrets Management & Encryption                   ║
║ [A] Install All Tools   Setup complete DevSecOps environment              ║
║ [S] Status All          Check status of all tools                         ║
║ [D] Destroy All         Remove all tools and data                         ║
╚══════════════════════════════════════════════════════════════════════════╝
# pick a tool. install. scan. destroy. nothing left behind.
Act III · The Rack
Seven tools. Each in its own folder.
Pick the one you need. Open its sub-manager. Each one knows how to install, start, stop, scan, and destroy itself · without consulting the host machine.
01 · SAST
SonarQube
Static code analysis
localhost:9000 · OWASP Top 10 scanning across 30+ languages. Bugs, vulnerabilities, code smells, technical debt. Folder-isolated JDK.
02 · CI / CD
Jenkins
Pipeline automation
localhost:8080 · The standard CI server, without the system-wide install. Folder-local JDK, zero service registration, kill-the-folder uninstall.
03 · Container Sec
Trivy
Image & filesystem scanner
CLI · folder-local · Catches CVEs in container images and IaC files. Reports stay inside its folder. No global PATH entry needed.
04 · DAST
OWASP ZAP
Live-application scanner
localhost:8090 · The web pentester's standard. Active scan, passive scan, automated reports · all from a folder you can throw away.
05 · Metrics
Grafana
Dashboards & alerting
localhost:3000 · Pre-wired to the bundled Prometheus instance. Comes up with sensible default dashboards. Goes down with one menu pick.
06 · Telemetry
Prometheus
Metrics collection
localhost:9090 · Scrapes targets, stores time-series locally inside its folder, exposes /metrics. Pairs with the bundled Grafana.
07 · Secrets
HashiCorp Vault
Secrets & encryption
localhost:8200 · Encrypts secrets at rest, brokers short-lived tokens, audits every access. Folder-local data store. Boot-isolated.
Act IV · The Lifecycle
Install. Use. Destroy.
The same five verbs work on every tool. Learn them once. They never lie about what they do.
Step 01 · Install
Each tool downloads only into its own subfolder. Its own JDK. Its own data directory. Nothing global.
Step 02 · Start
Tool boots on its assigned localhost port. No service registration. No boot start. The process belongs to your terminal.
Step 03 · Scan / Use
Run a SonarQube analysis, ZAP a target, scrape metrics, store secrets. Same vocabulary across every tool's manager.
Step 04 · Stop
One command. The process exits. No background service waiting at boot.
Step 05 · Destroy
The folder goes. Data goes. The machine forgets the tool was ever installed.
git pull a year later and start again, clean.
Act V · Proof
Why it stays clean. Every time.
One BAT to rule them all
devops-toolkit-manager.bat is the only entry point. It dispatches into per-tool sub-managers, each independent, each replaceable.
PowerShell core, Windows-native
Built for Windows 10/11 and Windows Server 2016+. PowerShell 5.1+, no third-party shells, no WSL required.
8GB RAM · 20GB disk · done
Reasonable on any developer laptop. The whole stack · SonarQube, Jenkins, Grafana, Prometheus, Vault, ZAP, Trivy · fits in a single folder under 20GB.
Status & Destroy modes
One command shows the running state of every tool. Another command tears them all down. Both are idempotent.
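What a folder-isolated sub-manager looks like in practice, as an added example written for this page and not the toolkit's own code: one Windows PowerShell 5.1 script exposing the five verbs of Act IV (install, start, status/use, stop, destroy) with the idempotent status and destroy behaviour described above. It assumes a hypothetical layout of .\tools\<Name>\{jdk,app,data,tool.pid} under the script's own folder, a launcher path inside the unpacked app, and placeholder download URLs you supply yourself; none of those names come from the toolkit. The JDK is scoped to the child process by setting JAVA_HOME and PATH in the session only for the duration of Start-Process and restoring them afterwards, so the machine-wide environment, the registry and the service control manager are never touched.

```powershell
#Requires -Version 5.1
# Added example (not the toolkit's code): a folder-isolated lifecycle manager for one
# Java-based tool. Layout and URLs below are hypothetical placeholders.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Everything lives under the folder this script runs from; nothing global.
$ToolRoot = Join-Path $PSScriptRoot 'tools'

function Get-ToolPaths {
    param([Parameter(Mandatory)][string]$Name)
    $dir = Join-Path $ToolRoot $Name
    [pscustomobject]@{
        Home    = $dir
        Jdk     = Join-Path $dir 'jdk'      # bundled JDK; never the host's JAVA_HOME
        App     = Join-Path $dir 'app'
        Data    = Join-Path $dir 'data'
        PidFile = Join-Path $dir 'tool.pid'
    }
}

# Download and unzip into one subfolder. Skips folders already populated, so re-running is safe.
function Install-Archive {
    param([string]$Url, [string]$Destination)
    if (Get-ChildItem -Path $Destination -ErrorAction SilentlyContinue) { return }
    New-Item -ItemType Directory -Force -Path $Destination | Out-Null
    $zip = "$Destination.zip"
    Invoke-WebRequest -Uri $Url -OutFile $zip
    Expand-Archive -Path $zip -DestinationPath $Destination -Force
    Remove-Item $zip -Force
}

function Install-Tool {
    param([string]$Name, [string]$DownloadUrl, [string]$JdkUrl)
    $p = Get-ToolPaths $Name
    Install-Archive -Url $JdkUrl      -Destination $p.Jdk
    Install-Archive -Url $DownloadUrl -Destination $p.App
    New-Item -ItemType Directory -Force -Path $p.Data | Out-Null
}

# Live process from the pid file, or $null. A stale pid file is removed on the way.
function Get-ToolProcess {
    param([string]$Name)
    $p = Get-ToolPaths $Name
    if (-not (Test-Path $p.PidFile)) { return $null }
    $proc = Get-Process -Id ([int](Get-Content $p.PidFile)) -ErrorAction SilentlyContinue
    if (-not $proc) { Remove-Item $p.PidFile -Force }
    return $proc
}

function Start-Tool {
    param([string]$Name, [string]$Launcher, [int]$Port)
    $p = Get-ToolPaths $Name
    if (Get-ToolProcess $Name) { Write-Host "$Name already running"; return }
    # Windows PowerShell 5.1 has no per-process environment on Start-Process, so point the
    # session at the bundled JDK just long enough for the child to inherit it, then restore.
    $savedJavaHome = $env:JAVA_HOME
    $savedPath     = $env:Path
    try {
        $env:JAVA_HOME = $p.Jdk
        $env:Path      = (Join-Path $p.Jdk 'bin') + ';' + $env:Path
        $proc = Start-Process -FilePath (Join-Path $p.App $Launcher) -WorkingDirectory $p.App `
                              -WindowStyle Hidden -PassThru
    } finally {
        $env:JAVA_HOME = $savedJavaHome
        $env:Path      = $savedPath
    }
    Set-Content -Path $p.PidFile -Value $proc.Id
    Write-Host "$Name starting on localhost:$Port (pid $($proc.Id))"
}

function Get-ToolStatus {
    param([string]$Name, [int]$Port)
    $p = Get-ToolPaths $Name
    [pscustomobject]@{
        Tool      = $Name
        Installed = Test-Path $p.App
        Running   = [bool](Get-ToolProcess $Name)
        # Running but not listening means still booting or crashed after launch.
        Listening = [bool](Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
        Port      = $Port
    }
}

function Stop-Tool {
    param([string]$Name)
    $proc = Get-ToolProcess $Name
    if (-not $proc) { return }   # already stopped: no error, nothing to do
    # /T ends the launcher and its child java.exe; Stop-Process alone would orphan the JVM.
    & taskkill.exe /PID $proc.Id /T /F | Out-Null
    Remove-Item (Get-ToolPaths $Name).PidFile -Force -ErrorAction SilentlyContinue
}

function Remove-Tool {
    param([string]$Name)
    Stop-Tool $Name
    $p = Get-ToolPaths $Name
    if (Test-Path $p.Home) { Remove-Item -Path $p.Home -Recurse -Force }   # app, JDK, data: all gone
}

# Example session (placeholder URLs and launcher):
# Install-Tool   -Name 'SonarQube' -DownloadUrl '<TOOL_ZIP_URL>' -JdkUrl '<JDK_ZIP_URL>'
# Start-Tool     -Name 'SonarQube' -Launcher 'bin\<launcher>.bat' -Port 9000
# Get-ToolStatus -Name 'SonarQube' -Port 9000
# Stop-Tool      -Name 'SonarQube'
# Remove-Tool    -Name 'SonarQube'
```

Two design choices carry the "stays clean" guarantee: the pid file inside the tool's folder is the only record that a process exists, so destroying the folder also destroys the bookkeeping, and every verb checks current state before acting (installed folder present, pid alive, port listening), which is what makes Status and Destroy safe to run twice.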
The Stack
PowerShell first. Production-grade everywhere.
Each tool is the canonical open-source build, wrapped in folder-isolation rather than reimplemented.
- PowerShell 5.1+
- Windows 10 / 11 / Server 2016+
- SonarQube
- Jenkins
- Trivy
- OWASP ZAP
- Grafana
- Prometheus
- HashiCorp Vault
- file.dmj.one
- Aatmanirbhar Bharat
If your team can clone a repo, it can ship DevSecOps.
I build tooling that respects the host machine · folder-isolated, idempotent, deletable. The same discipline goes into every product here.