docs: add answers for questions 4.2
Copy answer from issue discussion to the right place
Refs: #19
Signed-off-by: Alec Schmidt <alec.schmidt@master.hes-so.ch>
@@ -14,3 +14,13 @@ GitLeaks can find strings like API keys, passwords, and other sensitive informat
The scan of the git repository didn't detect the previous flask key because it was not in the format that GitLeaks recognizes.
Usually, the best practice is to use environment variables to store sensitive information. This way, the information is not exposed in the code.
## Q4.2
The Dependency scanning tool from GitLab linked by the teacher in the exercise cannot be used as it is limited to Gitlab Ultimate. I am looking into using an open-source solution
After using three different scanning tools, no known vulnerabilities were found.
Tools used :
- pyscan
- safety
- pip-audit
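Review bot: the Q4.2 answer "After using three different scanning tools, no known vulnerabilities were found." records neither how each tool was invoked (which requirements or lock file was scanned, e.g. `pip-audit -r requirements.txt`), nor the tool versions, nor the date of the scan, so the result cannot be reproduced or re-checked once the advisory databases are updated; add the commands and a short excerpt of each tool's output under "Tools used :" (and drop the space before the colon). The line "I am looking into using an open-source solution" reads as an in-progress note carried over from the issue discussion and is superseded by the paragraph that follows it; rewording it to state which open-source tools replaced the GitLab Ultimate dependency scanner would make the section read as a finished answer. In the Q4.1 part of the hunk, "was not in the format that GitLeaks recognizes" should say which rule set was run and note that the Flask secret key can be covered by adding a custom rule for its assignment pattern to the GitLeaks configuration, otherwise the reader is left to guess why the finding was missed.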