
provide API for CI/CD Pipelines

Open lreading opened this issue 3 years ago • 4 comments

Describe what problem your feature request solves

Provide an API for CI/CD pipelines

Describe the solution you'd like

Provide an API for CI/CD pipelines, see here for an example

Additional context

  • What functions are exposed for this API?
  • How do we handle authentication/authorization?
  • What do we use to document the API? (main github docs, auto-generated via swagger or apidoc?)

lreading, Apr 29 '21 11:04

I am in favor of swagger to document it. Many tools exist to extract the API structure from swagger and integrate it in other systems.

For auth/auth I am in favor of OAuth2 and OIDC. It would make it easy to integrate in a larger CI system (like GitLab, Gitea, etc.) and access their CI pipelines.

For the functions, I see at least 2 main ones:

  • push a source code and get back a threat-dragon json from it (the source code may be annotated to help)
  • push test results (JUnit XML for instance) and push a threat-dragon json and get a comparison analysis back

micheelengronne, Jan 06 '22 14:01

Following @ShubhamPalriwala's suggestion, this may be a good feature for the 2022 Google Summer of Code: https://github.com/OWASP/www-community/commits/master/pages/initiatives/gsoc/gsoc2022ideas.md

jgadsden, Feb 10 '22 10:02

This issue is stale because it has been open for 6 months with no activity.

github-actions[bot], May 05 '24 07:05