add question4
This commit is contained in:
Michael Mäder
committed by
Alec Schmidt
Alec Schmidt
parent
a59707eb23
commit
8703d85b1f
7
docs/questions-part4.md
Normal file
7
docs/questions-part4.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# Questions
|
||||
|
||||
## Part 4
|
||||
|
||||
- **Q4.1**: Often secrets are committed in a repository. Different research tools exist and help to detect this kind of dangerous forgotten credentials. Integrate a check in your pipeline for these kinds of problems. Have a look at <https://github.com/zricethezav/gitleaks>. What kind of leaked secrets can you find in the git repo? Did the tool not find something that it should have found? Why? What possibilities exist to prevent this kind of leakage?
|
||||
- **Q4.2**: Try to find any possible problems in our used libraries (e.g. flask). The `pyproject.toml` describes all the additional libraries used by the application. You can use a dependency scanning (have a look here: <https://docs.gitlab.com/ee/user/application_security/dependency_scanning/>) to see if all imported libraries are safe. Do you find any problems? Integrate the scanning in your pipeline.
|
||||
- **Q4.3 (optional)**: API Fuzzing (and other kinds of DAST) is described at this page: <https://docs.gitlab.com/ee/user/application_security/api_fuzzing/>. Choose one of the different description possibilities for your *calculator* API. Integrate it in your pipeline.
|
||||
Reference in New Issue
Block a user