file_06 · SELF-HOST
This Portfolio
● LIVE · YOU ARE INSIDE IT
A DevSecOps exhibit: hardened static site with automated edge deployment.
problem
A security engineer’s portfolio should itself be evidence. Most portfolios ship with no security headers, no CSP, and no deployment discipline — this one is built as a small production system.
architecture
approach
- 01 Static-first architecture (Astro islands): all content pre-rendered, JavaScript hydrated only for interactive components.
- 02 Git-push CI/CD: every commit to main triggers an automated build and global edge deployment on Cloudflare Pages.
- 03 Hardened HTTP response headers — Content-Security-Policy, HSTS, X-Frame-Options, referrer and permissions policies — shipped via edge configuration.
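An added example (not this site's own code): a TypeScript check that a CI step could run over a Cloudflare Pages `_headers` file before deploy, flagging any of the headers listed in step 03 that are missing or weakened. It assumes the edge configuration is a `_headers` file with a catch-all `/*` rule; the function names, the sample files and the 180-day HSTS threshold are illustrative.

```typescript
// Added example: CI gate over a Cloudflare Pages `_headers` file (assumed config location).
const REQUIRED = ["content-security-policy", "strict-transport-security",
  "x-frame-options", "referrer-policy", "permissions-policy"];
const MIN_HSTS_SECONDS = 15552000; // assumed local policy: 180 days
type Rules = Record<string, Record<string, string>>;

// Unindented line = URL pattern; indented "Name: value" lines attach to that pattern.
function parseHeaders(text: string): Rules {
  const rules: Rules = {};
  let current: Record<string, string> | null = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line[0] === "#") continue; // skip blanks and comments
    if (!/^\s/.test(raw)) { current = rules[line] = {}; continue; }
    const idx = line.indexOf(":");
    if (idx > 0 && current) current[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return rules;
}

// Findings for the catch-all "/*" rule; an empty array means the deploy may proceed.
function auditHeaders(text: string): string[] {
  const site = parseHeaders(text)["/*"] || {};
  const findings = REQUIRED.filter((h) => site[h] === undefined).map((h) => "missing " + h);
  const csp = site["content-security-policy"] || "";
  if (/'unsafe-(inline|eval)'/.test(csp)) findings.push("csp allows unsafe-inline or unsafe-eval");
  const hsts = site["strict-transport-security"];
  const m = /max-age=(\d+)/i.exec(hsts || "");
  if (hsts !== undefined && (!m || Number(m[1]) < MIN_HSTS_SECONDS)) findings.push("hsts max-age too short");
  return findings;
}

// Constructed samples, not this site's real configuration.
const WEAK = [
  "/*",
  "  X-Frame-Options: DENY",
  "  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'",
  "  Strict-Transport-Security: max-age=300",
].join("\n");
const HARDENED = [
  "# constructed sample",
  "/*",
  "  Content-Security-Policy: default-src 'self'; frame-ancestors 'none'",
  "  Strict-Transport-Security: max-age=31536000; includeSubDomains",
  "  X-Frame-Options: DENY",
  "  Referrer-Policy: strict-origin-when-cross-origin",
  "  Permissions-Policy: camera=(), microphone=(), geolocation=()",
].join("\n");
console.log(auditHeaders(WEAK), auditHeaders(HARDENED));
```

A pipeline step would read the real file, call `auditHeaders` on it, and fail the build when the returned array is non-empty.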
stack
Astro · React islands · TypeScript · Tailwind CSS · Canvas API · Cloudflare Pages
impact
- Zero-server, zero-cost production deployment with automated CI/CD and TLS.
- Security-header configuration targeting an A grade on securityheaders.com.
key learnings
- DevSecOps at small scale is mostly about defaults: headers, least-JavaScript, and automated pipelines cost nothing if designed in from commit one.
- Performance and security point the same direction — shipping less code is both faster and a smaller attack surface.