heroku java jenkins owasp owasp-dependencycheck owasp-zap sonarlint sonarqube vscode

Milestone - Learnathon (Java Web App) Demo Project

Learnathon is project which used to demo SDLC/DevSecOps cycle

You can view demo here!. You can visit http:/demo-learnathon.herokuapp.com/ to find out the XSS bug which I made for Milestone.

About DevSecOps cycle

I use Jenkins for through out the process and all job is handled on it.

Plan & Analysist Stage

Prepare the checklist with Security Knowledge Framework
Value security & risk of blueprint using Miro App to design threat modeling

Coding Stage

I use:

VS Code: IDE for dev
SonarLint: Application of Sonar ecosystem to improve code quality, code pattern and security code
Github: Store & archive sources, prepare for next stage
Maven: Build java project

Test & Scan Stage

In this stage, I will use 2 type of scanning - SAST & DAST scan for this project:

SAST (Static Application Security Testing): OWASP Dependency-Check and SonarQube scan
DAST (Dynamic Application Security Testing): OWASP ZAP Proxy

Release & Deploy Stage

Jenkins Tool
Heroku Cloud: for web app deploy and monitoring

Threat Modeling

About

The project uses S-SDLC/DevSecOps in software development cycle and ensure security measures. Illustrate how to secure your project with Java Web, Jenkins, SonarQube, ZAP

heroku java jenkins owasp owasp-dependencycheck owasp-zap sonarlint sonarqube vscode

Languages

Language:HTML 85.5%Language:JavaScript 13.3%Language:CSS 0.9%Language:Java 0.3%Language:Procfile 0.0%