Repository with tools, resources, and guidelines to integrate security tests into CI/CD pipelines.
The purpose is to shift left by injecting the security processes earlier in the Software Development Life Cycle (SDLC).
Use 'Makefile.sec + Docker' to run security tests in CI/CD pipelines:

- Download the Makefile to your source code folder

  ```sh
  curl -o Makefile.sec https://raw.githubusercontent.com/arainho/ci-sec/main/Makefile.sec
  ```

- Run the desired security test

  ```sh
  make -f Makefile.sec secret_detection
  ```
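The two steps above fetch a Makefile from a branch and hand it straight to `make`, so whatever that file contains runs with the CI job's credentials. The wrapper below is an added example, not part of the ci-sec project, showing how a pipeline step can pin the download to a reviewed ref, check the file's SHA-256 digest before running it, and restrict which targets the job may invoke. The `CI_SEC_REF`, `CI_SEC_SHA256` values and the `sha256_of`, `verify_makefile`, `valid_target` and `run_security_test` function names are this example's own assumptions; the digest is a placeholder the team fills in after reviewing the file once.

```shell
#!/bin/sh
# Added example (not from the ci-sec project): a CI wrapper that pins the
# Makefile.sec download to a reviewed ref and verifies its digest before
# letting make execute it.
set -eu

# Assumptions (placeholders, not project values): prefer a full commit SHA
# over a branch name for CI_SEC_REF, and record the digest after review.
CI_SEC_REF="${CI_SEC_REF:-main}"
CI_SEC_URL="https://raw.githubusercontent.com/arainho/ci-sec/${CI_SEC_REF}/Makefile.sec"
CI_SEC_SHA256="${CI_SEC_SHA256:-<expected-sha256-placeholder>}"

# sha256_of FILE -> prints the hex digest using whichever tool is present
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_makefile FILE EXPECTED -> returns 0 only when the digest matches
verify_makefile() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# valid_target NAME -> returns 0 for the targets this job is allowed to run
# (the two targets the README lists as having a Makefile entry)
valid_target() {
  case "$1" in
    sast|secret_detection) return 0 ;;
    *) return 1 ;;
  esac
}

# run_security_test TARGET: download, verify, then run the pinned Makefile
run_security_test() {
  target="$1"
  valid_target "$target" || { echo "refusing unknown target: $target" >&2; return 2; }
  curl -fsSL -o Makefile.sec "$CI_SEC_URL"
  verify_makefile Makefile.sec "$CI_SEC_SHA256" || {
    echo "Makefile.sec digest mismatch; not running it" >&2
    return 3
  }
  make -f Makefile.sec "$target"
}

# Run only when a target is passed on the command line, e.g.
#   sh ci_sec_wrapper.sh secret_detection
if [ $# -gt 0 ]; then
  run_security_test "$1"
fi
```

In a pipeline, the digest check turns a silent change to the upstream Makefile into a failed job, and the target allow-list keeps a mis-set variable from passing an arbitrary word to `make`. Re-pin `CI_SEC_REF` and `CI_SEC_SHA256` deliberately whenever the upstream file is updated and reviewed.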
Next, we have dedicated entries for all the security tests available.
| Name | Makefile entry | Instructions Status |
|---|---|---|
| API scan | -- | -- |
| Container scanning | -- | in progress |
| DAST | -- | -- |
| Dependency scanning | -- | -- |
| IaC scanning | -- | in progress |
| Kubernetes scan | -- | in progress |
| SAST | yes | in progress |
| Secret detection | yes | in progress |
Next, we have entries for the CI/CD pipeline definitions available.
| CI/CD system | Instructions Status |
|---|---|
| Buildkite | in progress |
| GitHub | in progress |
| GitLab | in progress |
| Go-CD | -- |
| Jenkins | -- |
Tables legend:

- Makefile entry: indicates whether there is an entry for the specified test (yes) or not (--).
- Instructions status: indicates whether there is an entry for the test (in progress) or it is empty (--).