PA2588 DevSecOps: Playground for SAST (Static Application Security Testing)

This is part of the course DevSecOps. It covers two ways of including SAST in your development process: as a GitHub Actions job that runs on every push, and as a local pre-commit hook that blocks a commit before it is created.

Preparation

  1. Click on Use this template to create a new repository in your GitHub account (don't fork it), and make sure to set the visibility to "Public".
  2. The GitHub actions should run automatically and be green.

1. Enable SAST in GitHub Actions

  1. In .github/workflows/sast.yml, uncomment the block labeled "Version 1" to enable Bandit, a SAST tool for Python code.
    • After the next successful run of the GitHub actions, you should now see two security issues being reported.
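For orientation, this is what a minimal Bandit job in a GitHub Actions workflow looks like. It is an added example, not the contents of the repository's own sast.yml (which you should edit as described above rather than replace); the job name, the trigger events and the severity threshold are assumptions.

```yaml
# Added example: a minimal GitHub Actions workflow that runs Bandit.
# Not the repository's sast.yml; names and triggers are assumptions.
name: SAST

on: [push, pull_request]   # run on every push and on pull requests

jobs:
  bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"

      - name: Install Bandit
        run: pip install bandit

      # -r scans the tree recursively; -ll reports medium severity and above.
      # Bandit exits non-zero when it finds issues, which fails the job and
      # turns the check red on the commit or pull request.
      - name: Run Bandit
        run: bandit -r . -ll
```

The failing exit code is what gives the workflow its value: a red check is visible on the pull request, so findings are reviewed before code is merged rather than discovered later.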

2. Enable SAST locally

Preparation

  1. Install (if you don't have it already) and open Visual Studio Code
  2. Install the "pre-commit" Extension, by Adrian Figueroa
  3. Clone your project into Visual Studio Code.

Action

  1. Open a new terminal in Visual Studio Code and run pre-commit install to install the pre-commit hook
    • If pre-commit is not yet installed, run brew install pre-commit (if you have brew installed) or pip3 install pre-commit (otherwise)
  2. Add a comment line to app.py
  3. Run git add app.py && git commit -m "Update app.py" and see the commit fail with two security issues
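The hook that pre-commit install wires into .git/hooks/pre-commit is declared in a .pre-commit-config.yaml at the repository root. The file below is an added example of such a declaration for Bandit, not the repository's own configuration; the pinned release tag and the severity argument are assumptions and should be adjusted to the version you want.

```yaml
# Added example: .pre-commit-config.yaml that runs Bandit before each commit.
# Not the repository's own file; rev and args are assumptions.
repos:
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.8          # assumed release tag; pin to the version you want
    hooks:
      - id: bandit      # hook id published by the Bandit project
        args: ["-ll"]   # report medium severity and above
```

With this in place, the commit in step 3 is rejected because the hook exits non-zero on the findings in app.py; pre-commit only passes staged Python files to the hook, so the check is fast and runs on exactly the code about to be committed.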
