Implement SAST + DAST through Github actions

Related tags

Third-party APIs Wrapperssast-dast
Overview

Implement SAST + DAST through Github actions

The repository is supposed to implement SAST+DAST checks using github actions against a vulnerable python application which allows RCE. Goal is to detect it before it gets pushed into production.

Roadmap

  • Python vulnerable RCE application
  • Github actions (executes on PR to main/master branch)
    • Implement SAST using bandit
    • Implement DAST using OWASP ZAP (need app deployed somewhere - k8s to the rescue!)
    • Deploy application using Kubernetes for OWASP ZAP scan
  • Post gist of found vulnerabilities in Slack
    • SAST - Use hashicorp vault to reference slack bot credentials
    • DAST - Use hashicorp vault to reference slack bot credentials
Owner
Syed Umar Arfeen
Sr. Security Engineer @Ebryx, OSCP, OSWE, Penetration Tester, Weeb, !Dank Memer, and as you can see a "wanna-be" programmer as well :)
Syed Umar Arfeen
GitHub Repository
Exchange indicators & Basic functions for Binance API.

binance-ema Exchange indicators & Basic functions for Binance API. This python library has been written to calculate SMA, EMA, MACD etc. functions wit

Emre MENTEŞE 24 Jan 06, 2023
A powerful bot to copy your google drive data to your team drive

⚛️ Clonebot - Heroku version ⚡ CloneBot is a telegram bot that allows you to copy folder/team drive to team drives. One of the main advantage of this

MsGsuite 269 Dec 23, 2022
Twitter automation tool for growing organic followers.

Tiwoto Tiwoto is a simple python program that automates some kind of behaviors and keep your account active. Create an .env file in this directory and

Mehmetcan Yildiz 6 Sep 22, 2022
An Advanced Python Playing Card Module that makes creating playing card games simple and easy!

playingcards.py An Advanced Python Playing Card Module that makes creating playing card games simple and easy! Features Easy to Understand Class Objec

Blake Potvin 5 Aug 30, 2022
An attempt to escape the horrible JIRA editor.

An attempt to escape the horrible JIRA editor. jira_filter.py is a pandoc filter that cleans up some of JIRA's html so that it can be converted to Mar

Stefan Matting 2 Feb 10, 2022
A simple Discord Mass-Ban that's still working with Member Scraper.

Mass-Ban [!] This was made for education / you can use for revenge. Please don't skid it. [!] If you want to use it, please use member scraper before

WoahThatsHot 1 Nov 20, 2021
Create Basic ERC20 token with Solidity, Brownie and Python

Create Basic ERC20 token with Solidity, Brownie and Python Demo Check out Cornell Token on Rinnkeby network with Etherscan. Installation Install brown

Ethan Huang 2 Feb 16, 2022
Web-music-bot - A telegram bot which get a *site Url* and sends all songs contain in the Url to telegram

web music bot this is a telegram bot which get a site Url and sends all songs co

Arya Shabane 4 Apr 02, 2022
SIGIT - Simple Information Gathering Toolkit

SIGIT - Simple Information Gathering Toolkit Features userrecon - username reconnaissance facedumper - dump facebook information mailfinder - find ema

Termux Hackers 437 Dec 29, 2022
This project is based on discord.py and is meant to be a 'Quick Start Bot' to cut down on the time it takes to write complex discord bots.

This project is based on discord.py and is meant to be a 'Quick Start Bot' to cut down on the time it takes to write complex discord bots.

Alec Ibarra 1 Mar 03, 2022
Library for working with QIWI API.

Library for working with QIWI API.

qxtony 2 Apr 26, 2022
Telegram Group Management Bot based on Pyrogram

Komi-San Telegram Group Management Bot based on Pyrogram More updates coming soon Support Group Open a Pull request if you wana contribute Example for

33 Nov 07, 2022
qualysclient - a python SDK for interacting with the Qualys API

qualysclient - a python SDK for interacting with the Qualys API

5 Oct 28, 2022
An API wrapper around Discord API.

NeoCord This project is work in progress not for production use. An asynchronous API wrapper around Discord API written in Python. Features Modern API

Izhar Ahmad 14 Jan 03, 2022
thumbor is an open-source photo thumbnail service by globo.com

Survey If you use thumbor, please take 1 minute and answer this survey? It's only 2 questions and one is multiple choice!!! thumbor is a smart imaging

Thumbor (by @globocom) 9.3k Dec 31, 2022
Automatically load stolen cookies from ChromePass

AutoCookie - Automatically loading stolen cookies from ChromePass View Demo · Report Bug · Request Feature Table of Contents About the Project Getting

darkArp 21 Oct 11, 2022
Cloudshell-sandbox-reporter - Helper modules and classes for writing to Cloudshell sandbox console

Cloudshell Sandbox Reporter This project provides utility classes for formatting

QualiLab 2 Sep 07, 2022
Marketplace for self published books

Nile API API for the imaginary Nile marketplace for self published books. This is a project created to try out FastAPI as the post promising ASGI serv

Matt de Young 1 Jan 31, 2022
Python Client for Instagram API

This project is not actively maintained. Proceed at your own risk! python-instagram A Python 2/3 client for the Instagram REST and Search APIs Install

Facebook Archive 2.9k Dec 30, 2022
A project that automatically sends you a Medium article on a topic of your choosing to your email address daily.

Daily Article from Medium ✏️ About A project that automatically sends you a Medium article on a topic of your choosing to your email address daily. No

Orhan Emre Dikicigil 2 Apr 27, 2022