DevSecOps (Contd)
- Here is a list of some free, open-source tools for SAST, SCA and DAST: Refer Here
OWASP Dependency Check
- Refer Here for the official web site
- Refer Here for the documentation of dependency check
- Installation:
  - Ensure Java is installed:
```
sudo apt update
sudo apt install openjdk-11-jdk -y
```
- Download the Dependency-Check release zip: Refer Here
- To upload the zip to the Linux instance, use sftp:
  - Get into the directory where you downloaded the zip
  - Take the ssh command you use to connect to the Ubuntu instance and replace `ssh` with `sftp`, e.g. `sftp -i ~/Downloads/ansiblelearning.pem ubuntu@100.100.100.100`
  - Upload with `put <filename>`
- Now install unzip, extract the release, clone a sample project and scan it:
```
sudo apt install unzip -y
# the release zip extracts into a directory named dependency-check
unzip ~/dependency-check-7.1.2-release.zip
cd ~
git clone https://github.com/wakaleo/game-of-life.git
cd game-of-life/
~/dependency-check/bin/dependency-check.sh --project "helloworld" --scan ~/game-of-life/
```

OWASP ZAP (DAST)
- Install OWASP ZAP either from Chocolatey or by manual install, then scan any URL
- The generated report can be published in your CI/CD tool

- When working with CI/CD we generate this report by running ZAP from the command line: Refer Here
Activities
- Create a Snyk account: Refer Here
- Ensure you have a GitHub account and a Docker Hub account.
