DevSecOps-Pipelines
Application Security pipelines 🚀
📜 Summary
This open-source framework is designed for application security managers and engineers to speed up the integration of security practices into the development lifecycle.
Here you can see the process demonstration (video):
⚙️ Requirements
Engineering
Systems:
- DefectDojo (to manage vulnerabilities)
- Metabase (for metrics)
- GitLab (for pipelines)
Management
People: 1 engineer + 1 manager
Time: 2 weeks for technical integration, provided all systems exist and network access has been granted
Risks:
- Vulnerabilities will not get fixed unless the business team agrees that reducing the WRT metric is one of its goals
- Your code base may contain so many vulnerabilities that you would need another security engineer just to verify them
1. Setup pipelines
GitLab group containing all repositories
2. Triage vulnerabilities in DefectDojo
(video)
3. Integrate more difficult checks
(video)
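The glue between steps 1 and 3 is a pipeline job that normalizes a scanner's output into a format DefectDojo can import and decides whether the pipeline may pass. The helper below is an added example, not code from this project: the scanner output shape is constructed, the DefectDojo "Generic Findings Import" JSON layout and the `/api/v2/import-scan/` form fields are assumptions about the DefectDojo API, and `CI_COMMIT_SHA` is the standard GitLab CI variable.

```python
import json
import os
import sys

# Constructed sample scanner output (assumed shape: rule, file, line, level)
SAMPLE_FINDINGS = [
    {"rule": "sql-injection", "file": "app/db.py", "line": 42, "level": "critical"},
    {"rule": "weak-hash", "file": "app/auth.py", "line": 7, "level": "medium"},
    {"rule": "debug-enabled", "file": "settings.py", "line": 1, "level": "low"},
]

SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]
SEVERITY_MAP = {"critical": "Critical", "high": "High", "medium": "Medium", "low": "Low"}


def to_generic_findings(findings):
    """Map tool output to DefectDojo 'Generic Findings Import' JSON (assumed layout)."""
    out = []
    for f in findings:
        out.append({
            "title": f"{f['rule']} in {f['file']}",
            "severity": SEVERITY_MAP.get(f["level"].lower(), "Info"),
            "description": f"Rule {f['rule']} matched at {f['file']}:{f['line']}",
            "file_path": f["file"],
            "line": f["line"],
        })
    return {"findings": out}


def gate(report, threshold="High", accepted=frozenset()):
    """True when no non-accepted finding is at or above the threshold.

    `accepted` holds titles already triaged (risk-accepted) in DefectDojo, so
    the gate only blocks on findings the team has not yet looked at.
    """
    limit = SEVERITY_ORDER.index(threshold)
    return all(SEVERITY_ORDER.index(f["severity"]) < limit
               for f in report["findings"] if f["title"] not in accepted)


def import_scan_fields(engagement_id, commit):
    """Form fields for POST /api/v2/import-scan/ (assumed); the JSON file is sent as 'file'."""
    return {"scan_type": "Generic Findings Import", "engagement": str(engagement_id),
            "minimum_severity": "Info", "active": "true", "verified": "false",
            "commit_hash": commit}


if __name__ == "__main__":
    report = to_generic_findings(SAMPLE_FINDINGS)
    with open("dojo-report.json", "w") as fh:  # uploaded by the CI job, e.g. via curl -F file=@dojo-report.json
        json.dump(report, fh)
    print(import_scan_fields(os.environ.get("DOJO_ENGAGEMENT_ID", "1"),
                             os.environ.get("CI_COMMIT_SHA", "unknown")))
    sys.exit(0 if gate(report) else 1)  # non-zero exit fails the GitLab job
```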