Klagarge/MSE-CyberSec-DevSecOps
1
0
Fork 0
Code Issues Pull Requests Releases Activity

docs: add answers for questions 4.2

Browse Source 
Copy answer from issue discussion to the right place

Refs: #19
Signed-off-by: Alec Schmidt <alec.schmidt@master.hes-so.ch>
This commit is contained in:
Rémi Heredero
2025-04-15 22:07:39 +02:00
parent 2d592123d1
commit d7969fed3d
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/questions-part4.md
View File

@@ -14,3 +14,13 @@ GitLeaks can find strings like API keys, passwords, and other sensitive informat
The scan of the git repository didn't detect the previous flask key because it was not in the format that GitLeaks recognizes. The scan of the git repository didn't detect the previous flask key because it was not in the format that GitLeaks recognizes.
Usually, the best practice is to use environment variables to store sensitive information. This way, the information is not exposed in the code. Usually, the best practice is to use environment variables to store sensitive information. This way, the information is not exposed in the code.
## Q4.2
The Dependency scanning tool from GitLab linked by the teacher in the exercise cannot be used as it is limited to Gitlab Ultimate. I am looking into using an open-source solution
After using three different scanning tools, no known vulnerabilities were found.
Tools used :
- pyscan
- safety
- pip-audit