Implement SAST + DAST through Github actions

Related tags

Third-party APIs Wrapperssast-dast
Overview

Implement SAST + DAST through Github actions

The repository is supposed to implement SAST+DAST checks using github actions against a vulnerable python application which allows RCE. Goal is to detect it before it gets pushed into production.

Roadmap

  • Python vulnerable RCE application
  • Github actions (executes on PR to main/master branch)
    • Implement SAST using bandit
    • Implement DAST using OWASP ZAP (need app deployed somewhere - k8s to the rescue!)
    • Deploy application using Kubernetes for OWASP ZAP scan
  • Post gist of found vulnerabilities in Slack
    • SAST - Use hashicorp vault to reference slack bot credentials
    • DAST - Use hashicorp vault to reference slack bot credentials
Owner
Syed Umar Arfeen
Sr. Security Engineer @Ebryx, OSCP, OSWE, Penetration Tester, Weeb, !Dank Memer, and as you can see a "wanna-be" programmer as well :)
Syed Umar Arfeen
GitHub Repository
The records of 42 million users from a third-party version of the popular Telegram messaging app have just been Iranian accounts leaked

TelegramDatabase About The records of 42 million users from a third-party version of the popular Telegram messaging app have just been Iranian account

Hamed Mohammadvand 10 Jan 14, 2022
The successor of GeoSnipe, a pythonic Minecraft username sniper based on AsyncIO.

OneSnipe The successor of GeoSnipe, a pythonic Minecraft username sniper based on AsyncIO. Documentation View Documentation Features • Mojang & Micros

1 Jan 14, 2022
The best (and now open source) Discord selfbot.

React Selfbot Yes, for real Why am I making this open source? Because can't stop calling my product a rat, tokenlogger and what else not. But there is

30 Nov 13, 2022
Discord bot built using Python. through this you can get information about the upcoming matches, scoreboard, live score

IPL-bot This is a Discord bot built using Python. through this you can get information about the upcoming matches, scoreboard, live score, and many mo

0 Dec 23, 2021
Python Discord Server Nuker

Untitled Nuker Python Discord Server Nuker Features: Ban Everyone Kick Everyone Rename Everyone Spam To All Channels Delete All Channels Delete All Ro

22 Dec 22, 2022
Eva Maria Telegram Bot

Eva Maria Bot Features Auto Filter Manuel Filter IMDB Admin Commands Broadcast Index IMDB search Inline Search Random pics ids and User info Stats, Us

Eva Maria TG 477 Dec 31, 2022
Music bot for Discord

Treble Music bot for Discord Youtube is after music bots on Discord. So we are here to fill the void. Introducing Treble, the next generation of Disco

Aja Khanal 0 Sep 16, 2022
Fast discord token checker with high cpm

Discord-Token-checker Fast discord token checker with high cpm preivew Download git clone https://github.com/TusTusDev/Discord-Token-checker pip insta

Tustus 1 Oct 15, 2021
A discord nitro generator written in python

VerseGenerator A discord nitro generator written in python Usage ・Fork the repo ・Clone it to replit ・Install the required packages and run it ・Input t

NotDrakezz 4 Nov 13, 2021
Azure Neural Speech Service TTS

Written in Python using the Azure Speech SDK. App.py provides an easy way to create an Text-To-Speech request to Azure Speech and download the wav file.

Rodney 1 Oct 11, 2021
Download apps and remove icloud

Download apps and remove icloud

0x 70 Dec 29, 2022
Gets instagram public username and returns usefull informations like profilepic(b64), video_urls etc.

InstaSucker Gets instagram public username and returns usefull informations like profilepic(b64), video_urls etc. Information this project contains a

Armin Amiri 5 Apr 30, 2022
Fully Automated Omegle Chatbot

omegle-bot tutorial features fast runs in background can run multiple instances at once Requirement Run this command in cmd, terminal or PowerShell (i

6 Aug 07, 2021
AI-El-Yazisini-Tanima - Fotoğraflardaki El Yazını Yapay Zeka İle Otomatik Tanıma Yazılımı

AI-El Yazısını Tanıma Fotoğraflardaki El Yazını Yapay Zeka İle Otomatik Tanıma Yazılımı Amaç : Birden fazla makine öğrenmesi modelini bir arada kullan

Özgür Tokay 3 Mar 02, 2022
Easy to use API Wrapper for somerandomapi.ml.

Overview somerandomapi is an API Wrapper for some-random-api.ml Examples Asynchronous from somerandomapi import Animal import asyncio async def main

Myxi 1 Dec 31, 2021
Anime-Discord-Bot - Lightweight anime searching Discord bot supported by the AnilistPython library (anilist.co APIv2 wrapper))

Anime-Discord-Bot Anime retrieving Discord bot supported by the AnilistPython Li

Kevin L. 3 Jul 14, 2022
Telegram Bot that's allow you to play Video & Music on Telegram Group Video Chat

WAR MUSIC / VIDEO PLAYER Bot Bot Link: 🧪 Get SESSION_NAME from below: Pyrogram 🎭 Preview ✨ Features Music & Video stream support MultiChat support P

Abhishek singh 11 Dec 25, 2022
Um bot simples para seguir as pessoas

Um bot simples para seguir pessoas no instagram, criado apeanas para testes. Utilizando o framework "Selenium", criei um bot para entrar em uma conta

Mobben 1 Nov 05, 2021
Free python/telegram bot for easy execution and surveillance of crypto trading plans on multiple exchanges.

EazeBot Introduction Have you ever traded cryptocurrencies and lost overview of your planned buys/sells? Have you encountered the experience that your

Marcel Beining 100 Dec 06, 2022
Covid19 API. (Currently Scrapes: worldometers)

Covid19-API An opensource Covid19 API (currently uses worldometer only) Output Examples Covid19 Every Country Data Request URL your-ip/api/all Resp

Amresh Prasad Sinha 14 Oct 03, 2022