sechub
SecHub provides a central API to test software with different security tools.
As a developer, I want to only see the vulnerabilities/issues introduced by my own code changes in a PR, so I can focus on fixing them, without being distracted...
## Situation
It is difficult to write and debug a new `PDS` solution, because we always have to inspect the output stream for details etc.
## Wanted
A simple way to...
As a developer, when I trigger a scan via a PR-triggered CI-step, I want to see the scan result in the PR, as a comment and status check. Requires: Github...
# Problem
SecHub starts a PDS job and checks periodically whether the job is done or not. In case the job does not finish in the defined `sechub.adapter.pds.default.timeout.minutes` time, SecHub...
SecHub scans/reports are identified by a unique SecHub job UUID. The report shall be accessible for users (technical and non-technical) in the Web UI (reuse the JobUUID). The link...
Provide a GitHub Action for SecHub on the public marketplace: https://github.com/marketplace?type=actions. A public action can easily be used by the community. This requires that SecHub reports can be exported in...
The SARIF standard contains two properties, which can be used to represent [webRequests](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317505) and [webResponses](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317506). It might be worth exploring the possibility of using them for the OWASP ZAP.
It would be very helpful to have a summary in the report. Currently, there is no summary of the findings. Having a summary in the report would allow a...
### Situation
With the introduction of the `data` section inside the `sechub configuration` we can handle loading API definitions from files as well. The OWASP ZAP can handle loading API...
## Situation
Currently, when we have a failing integration test which leads to PDS execution, it is very cumbersome to resolve the PDS job UUID from logs, open the output...