Whitespots-OU / DevSecOps-Pipelines

Application Security pipelines

Home Page: https://whitespots.io/


Application Security pipelines 🚀

📜 Summary

This open-source framework is designed to help application security managers and engineers integrate security practices into the development lifecycle faster.

Here you may see the process demonstration:

Process demonstration

(Youtube video)

⚙️ Requirements

Engineering

Systems:

Management

People: 1 engineer + 1 manager

Time: 2 weeks for technical integration if all systems exist and the network access is granted

Risks:

  • Vulnerabilities will not be fixed without agreement with the business team that reducing the WRT metric is one of its goals
  • You may have so many vulnerabilities in your code base that you would need another security engineer to verify them

1. Setup pipelines

Gitlab group with all repositories

Pipelines repo

Security images repo

Setup

(Youtube video)

2. Triage vulnerabilities in DefectDojo

(Click, it's video)

triage

(Youtube video)

3. Integrate more difficult checks

(Click, it's video)

triage

(Youtube video)

4. Contact us

Email

Website

Telegram