Implement SAST + DAST through Github actions

Last update: Nov 09, 2022

Related tags

Overview

Implement SAST + DAST through Github actions

The repository is supposed to implement SAST+DAST checks using github actions against a vulnerable python application which allows RCE. Goal is to detect it before it gets pushed into production.

Roadmap

Python vulnerable RCE application
Github actions (executes on PR to main/master branch)
- Implement SAST using bandit
- Implement DAST using OWASP ZAP (need app deployed somewhere - k8s to the rescue!)
- Deploy application using Kubernetes for OWASP ZAP scan
Post gist of found vulnerabilities in Slack
- SAST - Use hashicorp vault to reference slack bot credentials
- DAST - Use hashicorp vault to reference slack bot credentials

Owner

Syed Umar Arfeen

Sr. Security Engineer @Ebryx, OSCP, OSWE, Penetration Tester, Weeb, !Dank Memer, and as you can see a "wanna-be" programmer as well :)

GitHub Repository

Telegram Group Chat Statistics With Python

Telegram Group Chat Statistics How to Run First add PYTHONPATH in repository root directory enviroment variable by running: export PYTHONPATH=${PWD}

3 Apr 18, 2022

Hydrathallies'in istegi uzerine yapildi :)

Telegram-Doviz-Bot Telegram Döviz Botu, Pyrogram ile yapıldı. Deploy Deploy on Heroku Deploy on local git clone https://github.com/lambda-stock/Telegr

2 Dec 08, 2021

A script to find the people whom you follow, but they don't follow you back

insta-non-followers A script to find the people whom you follow, but they don't follow you back Dependencies: python3 libraries - instaloader, getpass

5 Jul 03, 2022

A small python script which runs a speedtest using speedtest.net and inserts it into a Google Docs Spreadsheet.

speedtest-google-sheets This is a small python script which runs a speedtest using speedtest.net and inserts it into a Google Docs Spreadsheet. Setup

2 Feb 10, 2022

Python library for generating sequences with uniform stimulus history

Sampling Euler tours for uniform stimulus history Table of Contents About Examples Experiment 1 Experiment 2 Experiment 3 Experiment 4 Experiment 5 Co

5 Nov 11, 2021

A Python script to create customised Spotify playlists using the JSON, Spotipy Library and Spotify Web API, based on seed tracks in your history.

1 Feb 01, 2022

Backtest 1000s of minute-by-minute trading algorithms for training AI with automated pricing data from: IEX, Tradier and FinViz. Datasets and trading performance automatically published to S3 for building AI training datasets for teaching DNNs how to trade. Runs on Kubernetes and docker-compose. >150 million trading history rows generated from +5000 algorithms. Heads up: Yahoo's Finance API was disabled on 2019-01-03 https://developer.yahoo.com/yql/

Stock Analysis Engine Build and tune investment algorithms for use with artificial intelligence (deep neural networks) with a distributed stack for ru

828 Dec 28, 2022

Python Library for Accessing the Cohere API

Cohere Python SDK This package provides functionality developed to simplify interfacing with the Cohere API in Python 3. Documentation See the API's d

42 Jan 03, 2023

Editing a Tinder bot created by @frederikme

tinder_bot_edit Editing a Tinder bot created by @frederikme Table of Contents Basic Swipe Bot Basic Swipe Bot Download the code as a zip or clone the

1 Nov 23, 2021

Braintree Python library

Braintree Python library The Braintree Python library provides integration access to the Braintree Gateway. TLS 1.2 required The Payment Card Industry

230 Dec 18, 2022

AWS Workmail Migration Tool

WMigrate A tool for migrating AWS Workmail Users and Groups cross region and cross accounts. It also creates user and group aliases and adds the users

1 Oct 27, 2021

A simple use library for bot discord.py developers

Discord Bot Template It's a simple use library for bot discord.py developers. Ob

0 Oct 16, 2022

A suite of utilities for AWS Lambda Functions that makes tracing with AWS X-Ray, structured logging and creating custom metrics asynchronously easier

1.9k Jan 07, 2023

Send song lyrics to iMessage users using the Genius lyrics API

pyMessage Send song lyrics to iMessage users using the Genius lyrics API. Setup 1.) Open the main.py file, and add your API key on line 7. 2.) Install

1 Jan 23, 2022

An API wrapper for Henrik's Unofficial VALORANT API

ValorantAPI.py An API wrapper for Henrik's Unofficial VALORANT API Warning!! This project is still in beta and only contains barely anything yet. If y

0 Feb 04, 2022

Minimal API for the COVID Booking System of the Offices at the UniPD Math Dep

Simple and easy to use python BOT for the COVID registration booking system of the math department @ unipd (torre archimede). This API creates an interface with the official website, with more useful

4 Dec 24, 2021

LyricsGenius: a Python client for the Genius.com API

LyricsGenius: a Python client for the Genius.com API lyricsgenius provides a simple interface to the song, artist, and lyrics data stored on Genius.co

2 Jun 30, 2022

OpenSea Bulk Uploader And Trader 100000 NFTs (MAC WINDOWS ANDROID LINUX) Automatically and massively upload and sell your non-fungible tokens on OpenSea using Python Selenium

OpenSea Bulk Uploader And Trader 100000 NFTs (MAC WINDOWS ANDROID LINUX) Automatically and massively upload and sell your non-fungible tokens on OpenS

3 Mar 24, 2022

Fast and small Discord-Toolset.

Mooncord 🌙 Discord server: https://discord.gg/frnpk2rg Fast and small Discord-Toolset. Enjoy? Star this repo ⭐ (Main file in Mooncord/Moon-1.0.1/vers

9 Dec 11, 2021

Balsam Python client API & SDK

balsam No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator) This Python package is automatically

1 Oct 22, 2021