← cd ../projects

file_06 · SELF-HOST

This Portfolio

● LIVE · YOU ARE INSIDE IT

A DevSecOps exhibit: hardened static site with automated edge deployment.

problem

A security engineer’s portfolio should itself be evidence. Most portfolios ship with no security headers, no CSP, and no deployment discipline — this one is built as a small production system.

architecture

Deployment pipeline
Git push 01 CI build (Astro) 02 Edge deploy (Cloudf… 03 Security headers 04 Global CDN 05

approach

  • 01 Static-first architecture (Astro islands): all content pre-rendered, JavaScript hydrated only for interactive components.
  • 02 Git-push CI/CD: every commit to main triggers an automated build and global edge deployment on Cloudflare Pages.
  • 03 Hardened HTTP response headers — Content-Security-Policy, HSTS, X-Frame-Options, referrer and permissions policies — shipped via edge configuration.

stack

Astro React islands TypeScript Tailwind CSS Canvas API Cloudflare Pages

impact

  • Zero-server, zero-cost production deployment with automated CI/CD and TLS.
  • Security-header configuration targeting an A grade on securityheaders.com.

key learnings

  • DevSecOps at small scale is mostly about defaults: headers, least-JavaScript, and automated pipelines cost nothing if designed in from commit one.
  • Performance and security point the same direction — shipping less code is both faster and a smaller attack surface.
next file CyberVajra →