From d7969fed3d18fd20d0a051bfcd8faf93358e4539 Mon Sep 17 00:00:00 2001 From: Klagarge Date: Tue, 15 Apr 2025 22:07:39 +0200 Subject: [PATCH] docs: add answers for questions 4.2 Copy answer from issue discussion to the right place Refs: #19 Signed-off-by: Alec Schmidt --- docs/questions-part4.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/questions-part4.md b/docs/questions-part4.md index 7cfd8ab..be8bd71 100644 --- a/docs/questions-part4.md +++ b/docs/questions-part4.md @@ -14,3 +14,13 @@ GitLeaks can find strings like API keys, passwords, and other sensitive informat The scan of the git repository didn't detect the previous flask key because it was not in the format that GitLeaks recognizes. Usually, the best practice is to use environment variables to store sensitive information. This way, the information is not exposed in the code. + +## Q4.2 +The Dependency scanning tool from GitLab linked by the teacher in the exercise cannot be used as it is limited to Gitlab Ultimate. I am looking into using an open-source solution + +After using three different scanning tools, no known vulnerabilities were found. + +Tools used : +- pyscan +- safety +- pip-audit
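Review bot: the added Q4.2 answer states "no known vulnerabilities were found" without recording what was scanned or when, so the result cannot be reproduced or re-checked later; since all three tools (`pyscan`, `safety`, `pip-audit`) compare installed or pinned packages against a vulnerability database that changes daily, add the exact command and input used (for example the `requirements.txt` or lockfile passed to `pip-audit`), the tool versions, and the date of the scan next to the result. The first sentence of the answer is also still in the future tense ("I am looking into using an open-source solution", with no closing period) while the next sentence reports that three tools were already used; rewrite it in the past tense, e.g. "so three open-source tools were used instead." Minor style points in the same lines: "Gitlab Ultimate" should be "GitLab Ultimate" to match the capitalisation used earlier in the file, and "Tools used :" should have no space before the colon.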