# 4 - Adding Additional DevSecOps Controls

In this lab you will reuse workflow templates to add four additional security controls to the pipeline: secret scanning, software composition analysis, static application security testing, and container scanning.

Duration: 10-15 minutes

References:

## 4.1 Secret Scanning with Gitleaks

  1. For Gitleaks secret scanning, uncomment the Gitleaks action in the workflow.
  2. Run the pipeline and check the Gitleaks job output for any detected secrets.

## 4.2 Software Composition Analysis with OWASP Dependency Review

  1. Prerequisite: enable Dependency graph in the repository security settings (and GitHub Advanced Security on private repositories). Without it the job fails with this error:

     ```
     Do DevSecOps Tasks
     Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled along with GitHub Advanced Security on private repositories, see https://github.com/<your-github-repo>/devsecops-workshop/settings/security_analysis
     ```

  2. Uncomment the `actions/dependency-review-action` action in the workflow.
  3. Run the pipeline and review the dependency review results on the pull request.
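The two controls above combined into one pull-request workflow, as an added example (this is not the workshop's own workflow file, which you uncomment in the steps above). It assumes the workflow lives under `.github/workflows/`, the default branch is `main`, Dependency graph is already enabled as described in 4.2, and that the `GITLEAKS_LICENSE` secret exists only if the repository is organization-owned.

```yaml
# Added example, not the workshop's own workflow: Gitleaks secret scanning plus
# dependency review on pull requests. Assumes default branch "main" and that
# Dependency graph is enabled (see 4.2).
name: DevSecOps - secrets and dependencies

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

permissions:
  contents: read          # checkout only; a scanning job needs no write scope on code
  pull-requests: write    # lets dependency-review post its summary comment on the PR

jobs:
  secret-scan:
    name: Gitleaks secret scanning
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history, so secrets committed and later "removed" are still found
      - name: Run Gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Only required for organization-owned repositories; assumed secret name
          # taken from the action's documentation.
          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

  dependency-review:
    name: Dependency review
    runs-on: ubuntu-latest
    # Dependency review diffs the PR's manifests against the base branch,
    # so it only makes sense on pull_request events.
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@v4
      - name: Review dependency changes
        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: high        # block PRs that introduce high/critical vulnerable dependencies
          comment-summary-in-pr: always # post the findings summary on the PR
```

`fetch-depth: 0` matters for the secret scan: with a shallow checkout Gitleaks only sees the current tree, so a credential committed earlier and then deleted in a later commit would be missed. `fail-on-severity` turns dependency review from an advisory comment into a merge gate; lower it to `moderate` or `low` once the team is comfortable with the noise level.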

## 4.3 Static Application Security Test with CodeQL

  1. Enable CodeQL in the repository's GitHub security settings.
  2. Be sure to configure the tool (languages and query suite) before enabling it.
  3. Click **Enable CodeQL**.
  4. After a scan completes, you should see some security vulnerabilities reported in the Security tab.

## 4.4 Container Scanning with Microsoft Security DevOps (MSDO)

  1. Uncomment the Trivy action in the workflow.
  2. Uncomment the two MSDO actions (the scan itself and the upload of its SARIF results).
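The controls from 4.3 and 4.4 as a second workflow, again an added example and not the workshop's own file. The CodeQL job is the "advanced setup" equivalent of the default setup you enable through the settings page in 4.3; use one or the other, because GitHub rejects SARIF uploaded by a CodeQL workflow while default setup is enabled for the repository. The image name `devsecops-workshop:${{ github.sha }}`, the `javascript` language, and a `Dockerfile` at the repository root are assumptions for this example.

```yaml
# Added example, not the workshop's own workflow: CodeQL (advanced setup) plus
# container scanning with Trivy and Microsoft Security DevOps (MSDO).
# Assumes a Dockerfile at the repo root and a JavaScript code base.
name: DevSecOps - code and container scanning

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read
  security-events: write   # needed to upload SARIF to the Security tab
  actions: read

jobs:
  codeql:
    name: CodeQL static analysis
    runs-on: ubuntu-latest
    strategy:
      matrix:
        language: [javascript]   # assumed; set to the workshop app's language(s)
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"

  container-scan:
    name: Trivy and MSDO container scanning
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build image
        run: docker build -t devsecops-workshop:${{ github.sha }} .   # image name is assumed
      - name: Trivy image scan
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: devsecops-workshop:${{ github.sha }}
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true     # report only findings that a newer package version fixes
          exit-code: '0'           # set to '1' to fail the job on CRITICAL/HIGH findings
      - name: Upload Trivy results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
          category: trivy          # keeps Trivy and MSDO results separate in the Security tab
      - name: Microsoft Security DevOps
        id: msdo
        uses: microsoft/security-devops-action@latest
      - name: Upload MSDO results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.msdo.outputs.sarifFile }}
          category: msdo
```

Giving each upload its own `category` is what lets the Security tab show Trivy, MSDO and CodeQL findings side by side instead of one tool's upload overwriting another's. `ignore-unfixed` keeps the Trivy results actionable (only findings with an available fix), which is the usual trade-off against completeness; drop it when you want an inventory of every known CVE in the base image.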