Tools, resources and guidelines to enable security tests in CI/CD pipelines.
The purpose is to shift left by injecting the security processes earlier in the Software Development Life Cycle (SDLC).
Use 'Makefile.sec + Docker' to run security tests in CI/CD pipelines
```bash
curl -o Makefile.sec https://raw.githubusercontent.com/arainho/ci-sec/main/Makefile.sec
make -f Makefile.sec secret_detection
```
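Fetching `Makefile.sec` from the `main` branch means every pipeline run executes whatever that branch currently contains. The script below is an added example, not part of the ci-sec project: it pins the download to a specific commit, verifies the file's SHA-256 before `make` is invoked, and then runs the requested targets. The commit id and checksum are placeholders to be replaced with values you recorded yourself.

```bash
#!/usr/bin/env bash
# Added example (not project code): pinned, checksum-verified fetch of
# Makefile.sec followed by running its targets in a CI job.
set -eu

REPO_RAW="https://raw.githubusercontent.com/arainho/ci-sec"
# Placeholders (assumptions): pin to a reviewed commit and its known hash.
PINNED_COMMIT="${CI_SEC_COMMIT:-<commit-sha-placeholder>}"
EXPECTED_SHA256="${CI_SEC_SHA256:-<sha256-placeholder>}"

# sha256_of FILE: print the hex SHA-256 of FILE (Linux sha256sum or macOS shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED: succeed only if FILE hashes to EXPECTED.
verify_sha256() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# fetch_makefile DEST: download Makefile.sec at the pinned commit and verify it;
# a mismatch deletes the file so no later step can run it by accident.
fetch_makefile() {
  curl -fsSL -o "$1" "$REPO_RAW/$PINNED_COMMIT/Makefile.sec"
  if ! verify_sha256 "$1" "$EXPECTED_SHA256"; then
    echo "Makefile.sec checksum mismatch; refusing to run it" >&2
    rm -f "$1"
    return 1
  fi
}

# run_security_tests MAKEFILE TARGET...: run each target; set -e stops the job
# on the first failing scan so the pipeline fails closed.
run_security_tests() {
  makefile="$1"; shift
  for target in "$@"; do
    make -f "$makefile" "$target"
  done
}

# Typical CI usage (not executed here):
#   mf=$(mktemp); fetch_makefile "$mf"; run_security_tests "$mf" secret_detection
```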
Next, we have dedicated entries for all the security tests available.
| Name | Makefile entry | Instructions status |
|---|---|---|
| API scan | — | — |
| Container scanning | — | in progress |
| DAST | — | — |
| Dependency scanning | — | — |
| IaC scanning | — | in progress |
| Kubernetes scan | — | in progress |
| SAST | yes | in progress |
| Secret detection | yes | in progress |
Next, we have entries for the CI/CD pipeline definitions available.
| CI/CD system | Instructions status |
|---|---|
| Buildkite | in progress |
| GitHub | in progress |
| GitLab | in progress |
| Go-CD | — |
| Jenkins | — |
Tables legend:

- Makefile entry: indicates whether there is an entry for the specified test (yes) or not (—).
- Instructions status: indicates whether there are instructions for the test (in progress) or none yet (—).