Repository with tools, resources, and guidelines for adding security tests to CI/CD pipelines.
The purpose is to shift left by running the security processes earlier in the Software Development Life Cycle (SDLC).
Use `Makefile.sec` + Docker to run security tests in CI/CD pipelines:
- Download the Makefile to your source code folder:
```shell
curl -o Makefile.sec https://raw.githubusercontent.com/arainho/ci-sec/main/Makefile.sec
```
- Run the desired security test:
```shell
make -f Makefile.sec secret_detection
```
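To show what a `Makefile.sec` target of this kind looks like, here is an added illustration of the "Makefile.sec + Docker" pattern; it is not the ci-sec project's own file, and the image references and the scanner arguments after each image name are placeholders:

```makefile
# Added illustration of the "Makefile.sec + Docker" pattern; not the ci-sec
# project's Makefile.sec. Each target runs one scanner inside a container with
# the source tree mounted read-only, so a CI job needs only make and Docker.
SRC_DIR ?= $(CURDIR)
DOCKER  ?= docker

# Placeholder images: in a real pipeline pin each one to an immutable digest
# (image@sha256:...) so the scanner itself is not a moving dependency.
SECRET_SCANNER_IMAGE ?= registry.example/secret-scanner@sha256:PLACEHOLDER
SAST_IMAGE           ?= registry.example/sast-scanner@sha256:PLACEHOLDER

# Common invocation: no network, read-only source mount, run as the CI user
# rather than root, and remove the container when the scan finishes.
DOCKER_RUN = $(DOCKER) run --rm --network none \
             --user "$$(id -u):$$(id -g)" \
             -v "$(SRC_DIR):/src:ro" -w /src

.PHONY: secret_detection sast all_sec

# `make -f Makefile.sec secret_detection`: scan the whole tree for leaked
# credentials. A non-zero exit from the scanner fails the make target, and
# therefore the pipeline step that called it.
secret_detection:
	$(DOCKER_RUN) $(SECRET_SCANNER_IMAGE) scan --source /src

# `make -f Makefile.sec sast`: static analysis of the same mounted tree.
sast:
	$(DOCKER_RUN) $(SAST_IMAGE) scan --source /src

# Run every test in sequence; make stops at the first failing scanner.
all_sec: secret_detection sast
```

Recipe lines must be indented with a tab, as in any Makefile. Since the download step above fetches the file from the `main` branch, a pipeline that wants reproducible runs should pin the URL to a specific commit and compare the file's checksum before invoking it.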
Next, we have dedicated entries for all the security tests available.

| Name | Makefile entry | Instructions status |
|---|---|---|
| API scan | -- | -- |
| Container scanning | -- | in progress |
| DAST | -- | -- |
| Dependency scanning | -- | -- |
| IaC scanning | -- | in progress |
| Kubernetes scan | -- | in progress |
| SAST | yes | in progress |
| Secret detection | yes | in progress |
Next, we have entries for the CI/CD pipeline definitions available.

| CI/CD system | Instructions status |
|---|---|
| Buildkite | in progress |
| GitHub | in progress |
| GitLab | in progress |
| Go-CD | -- |
| Jenkins | -- |
Table legend:
- Makefile entry: indicates whether there is a Makefile entry for the specified test (yes) or not (--).
- Instructions status: indicates whether there are instructions for the test (in progress) or none yet (--).