DevOps Classroomnotes 27/Aug/2022

DevSecOps (Contd)

  • Here is a list of some free, open-source tools for SAST, SCA and DAST: Refer Here

OWASP Dependency Check

  • Refer Here for the official web site
  • Refer Here for the documentation of dependency check
  • Installation:
    • Ensure Java is installed
sudo apt update
sudo apt install openjdk-11-jdk -y
  • Download the dependency check Refer Here
  • To upload this to Linux, use sftp
    • Change into the directory where you downloaded the zip
    • Take the ssh command you use to connect to the Ubuntu instance and replace ssh with sftp: `sftp -i ~/Downloads/ansiblelearning.pem ubuntu@100.100.100.100`
    • Upload using put <filename>
  • Now install unzip, extract the archive in the home directory and scan a sample project
sudo apt install unzip -y
cd ~
# the archive extracts to ~/dependency-check/
unzip ~/dependency-check-7.1.2-release.zip
git clone https://github.com/wakaleo/game-of-life.git
cd game-of-life/
~/dependency-check/bin/dependency-check.sh --project "helloworld" --scan ~/game-of-life/
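
To use the scan in a pipeline rather than reading the report by hand, the step can fail the build when a dependency has a finding above a CVSS threshold. The script below is an added example, not part of the original notes or of the dependency-check project. It assumes the scan was run with --format JSON and that the report uses the fields dependencies[].vulnerabilities[] with cvssv3.baseScore or cvssv2.score; the sample report, file names and CVE ids are constructed.

```python
import json

# Constructed sample in the assumed layout of dependency-check-report.json.
# File names and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-lib-1.0.jar", "vulnerabilities": [
            {"name": "CVE-0000-0001", "severity": "CRITICAL", "cvssv3": {"baseScore": 9.8}},
            {"name": "CVE-0000-0002", "severity": "MEDIUM", "cvssv2": {"score": 5.0}},
        ]},
        {"fileName": "clean-lib-2.3.jar"},  # no "vulnerabilities" key: nothing matched
        {"fileName": "old-lib-0.9.jar", "vulnerabilities": [
            {"name": "CVE-0000-0003", "severity": "HIGH", "cvssv2": {"score": 7.5}},
        ]},
    ]
})


def score_of(vuln):
    """Prefer the CVSS v3 base score, fall back to v2; None if neither exists."""
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    return v3.get("baseScore", v2.get("score"))


def findings(report_text, threshold=7.0):
    """Return (file, id, score) tuples at or above threshold, worst first.
    A vulnerability with no score is kept, so it cannot slip past the gate."""
    report = json.loads(report_text)
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            score = score_of(vuln)
            if score is None or score >= threshold:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), score))
    return sorted(hits, key=lambda h: -(h[2] if h[2] is not None else 10.0))


def gate(report_text, threshold=7.0):
    """Exit code for a CI step: 1 if any finding meets the threshold, else 0."""
    hits = findings(report_text, threshold)
    for file_name, vuln_id, score in hits:
        print(f"FAIL {file_name}: {vuln_id} (CVSS {score})")
    return 1 if hits else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

In a real job, read the report file written by the scan instead of SAMPLE_REPORT. dependency-check can also enforce a threshold itself with its --failOnCVSS option.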


OWASP ZAP (DAST)

  • Install OWASP ZAP either from Chocolatey or manually, and then scan any URL
  • Generated report in your CI/CD Tool
  • When we work with CI/CD, we generate this report by running ZAP from the command line Refer Here

Activities

  1. Create a Snyk account Refer Here
  2. Ensure you have a GitHub account and a Docker Hub account.


About continuous learner

devops & cloud enthusiastic learner