DevSecOps projects/code which I've built and am in the process of open sourcing it. Releasing every 2-3 days.
Something I'm working on in my free time.
Run bandit SAST scans over the dvpwa (Damn Vulnerable Python Web Application) repository using GitLab CI.
#update things here regarding the 3 screenshots you added (with ref links) start a new project
stages: #denotes the stages in the pipeline. we need only one stage.
- bandit_scan #since we're running a bandit scan, it's bandit_scan :)
build-job:
stage: bandit_scan #which stage does this job belong to?
image: python:3.6 #what image are we cloning to run this?
script:
- git clone https://github.com/anxolerd/dvpwa #clone DVPWA
- cd dvpwa #cd into the folder
- pip3 install bandit #install the bandit package
# Run bandit with verbose (-v), recursive (-r) so that it scans all the subdirectories too, pass the path to dvpwa, output format as json (-f), and we want to store the output file as result.json (-o)
- bandit -v -r /builds/sample_devsecops/damnvulnerablepythonapp/dvpwa -f json -o /builds/sample_devsecops/damnvulnerablepythonapp/dvpwa/result.json
artifacts: #To keep the generated output result.json as an artifact
when: always #ensure that this artifact is present even if the build fails
paths: #where to store the artifact
- /builds/sample_devsecops/damnvulnerablepythonapp/dvpwa/result.jsonClean code present in .gitlab-ci.yml
Update the YAML CI/CD Code into a repository as the .gitlab-ci.yml file.
Auto-trigger the pipeline when a commit is made to the repository and a valid .gitlab-ci.yml file is present. As indicated, Artifact is generated and uploaded.
Artifact contains bandit scan reports of the Damn Vulnerable Python Web Application as highlighted below.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent