Skip to content

Security scanning pipeline in Zuul focussed on dynamic infra tests

License

Notifications You must be signed in to change notification settings

SovereignCloudStack/security-infra-scan-pipeline

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

🛡️SCS - Security IaaS Scan Pipeline

Introduction

This repository contains the code necessary to recreate the SCS automated pentesting methodology, which allows to scan infrastructure targets to detect and manage security vulnerabilities, using state-of-the-art tools.

Features

  • Designed for daily and weekly runs
  • Based on docker containers
  • Port scanning
  • Web services identification
  • Template based scanning
  • Both Fast and Full DAST
  • Full infrastructure scanning
  • Export of results to a centralized vulnerabilities management system

Directory Structure

- /.zuul.d --> Contains Zuul configuration (jobs definition, global timeouts, secrets, etc)
  |- config.yaml
  |- secrets.yaml
- /docs -> Contains the security documentation for docs.scs.community
  |- overview.md
  |- tools.md   
- /files --> Contains scripts and other needed files
   |- greenbone-compose.yaml
   |- gvm_scan.py
   |- targets.txt
- playbooks --> Contains the definition of tasks for each job
   |- daily-scan.yaml
   |- greenbone.yaml
   |- httpx.yaml
   |- naabu.yaml
   |- nucley.yaml
   |- owasp-zap.yaml
   |- post.yaml
   |- pre.yaml
   |- weekly-scan.yaml
- .gitignore
- README.md

Getting Started

Go through the documentation for details on how the IaaS Scan Pipeline is designed and specific instructions about prerequisites, configuration and/or tweaks.

About

Security scanning pipeline in Zuul focussed on dynamic infra tests

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages