Merge branch 'update/upstream'
Update/upstream See merge request Klagarge/mse2425-grp09!9
This commit is contained in:
Alec Schmidt
7
docs/questions-part4.md
Normal file
7
docs/questions-part4.md
Normal file
@@ -0,0 +1,7 @@
|
|||||||
|
# Questions
|
||||||
|
|
||||||
|
## Part 4
|
||||||
|
|
||||||
|
- **Q4.1**: Often secrets are committed in a repository. Different research tools exist and help to detect this kind of dangerous forgotten credentials. Integrate a check in your pipeline for these kinds of problems. Have a look at <https://github.com/zricethezav/gitleaks>. What kind of leaked secrets can you find in the git repo? Did the tool not find something that it should have found? Why? What possibilities exist to prevent this kind of leakage?
|
||||||
|
- **Q4.2**: Try to find any possible problems in our used libraries (e.g. flask). The `pyproject.toml` describes all the additional libraries used by the application. You can use a dependency scanning (have a look here: <https://docs.gitlab.com/ee/user/application_security/dependency_scanning/>) to see if all imported libraries are safe. Do you find any problems? Integrate the scanning in your pipeline.
|
||||||
|
- **Q4.3 (optional)**: API Fuzzing (and other kinds of DAST) is described at this page: <https://docs.gitlab.com/ee/user/application_security/api_fuzzing/>. Choose one of the different description possibilities for your *calculator* API. Integrate it in your pipeline.
|
||||||
@@ -1 +1 @@
|
|||||||
<h1>Hello class, TSM_Cybersec</h1>
|
<h1>Hello class, TSM_Cybersec 2025</h1>
|
||||||
|
|||||||
Reference in New Issue
Block a user