Klagarge/MSE-CyberSec-DevSecOps
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'update/upstream'

Browse Source 
Update/upstream

See merge request Klagarge/mse2425-grp09!9
This commit is contained in:
Alec Schmidt
2025-04-09 16:39:08 +00:00
parent a59707eb23 fbea64d742
commit a3b4f90135
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/questions-part4.md Normal file
View File

@@ -0,0 +1,7 @@
# Questions
## Part 4
- **Q4.1**: Often secrets are committed in a repository. Different research tools exist and help to detect this kind of dangerous forgotten credentials. Integrate a check in your pipeline for these kinds of problems. Have a look at <https://github.com/zricethezav/gitleaks>. What kind of leaked secrets can you find in the git repo? Did the tool not find something that it should have found? Why? What possibilities exist to prevent this kind of leakage?
- **Q4.2**: Try to find any possible problems in our used libraries (e.g. flask). The `pyproject.toml` describes all the additional libraries used by the application. You can use a dependency scanning (have a look here: <https://docs.gitlab.com/ee/user/application_security/dependency_scanning/>) to see if all imported libraries are safe. Do you find any problems? Integrate the scanning in your pipeline.
- **Q4.3 (optional)**: API Fuzzing (and other kinds of DAST) is described at this page: <https://docs.gitlab.com/ee/user/application_security/api_fuzzing/>. Choose one of the different description possibilities for your *calculator* API. Integrate it in your pipeline.

2
misc/index.html
View File

@@ -1 +1 @@
<h1>Hello class, TSM_Cybersec</h1>
<h1>Hello class, TSM_Cybersec 2025</h1>