Default cards around security and DevSecOps #272

Open
TheDukeDK opened this issue Mar 19, 2021 · 0 comments
Labels
card idea Request for a new card

Comments

TheDukeDK commented Mar 19, 2021

Looking at the default cards, I think we seem to be perpetuating the old "tack security on at the end" approach by not even having DevSecOps steps in the default set.

This is the whole reason the phrase DevSecOps was coined.

Would it not make sense to add the following cards or something similar?

Heading: Static Application Security Testing (SAST)

Label: Security

Step Type: DevSecOps

Definition: Run a tool that identifies vulnerabilities in your source code, third-party dependencies, container images or infrastructure as code.

Heading: Dynamic Application Security Testing (DAST)

Label: Security

Step Type: DevSecOps

Definition: Run a tool that identifies vulnerabilities in your running web application. The tool can check for vulnerabilities like cross-site scripting, SQL injection, API security, etc.

sofusalbertsen added the "card idea" (Request for a new card) label Mar 25, 2021
sofusalbertsen added a commit that referenced this issue Aug 3, 2022