Skip to content

asnajaved/DevSecOps-Putting-Security-in-DevOps

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

DevSecOps-Putting-Security-in-DevOps

In this workshop you will learn how to create a toolchain on IBM Cloud using contineous delivery service and detect vulnerabilities in your code before pushing it to git repository.

Step 1: Create IBM Cloud account

Signup/Sign-in on IBM Cloud account

Step 2: Create Toolchain

To create toolchain first Create contineous delivery service. Go to Catalog -> select services from left hand side -> scroll down -> click on contineous delivery service

1

2

Step 3: Clone git repository

After creating toolchain, clone your sample app in your local machine

3

4

5

 git clone <link of your repository>

To check all connections are working, modify the readme file and push it to your repository

 git commit -am "modified readme"
 git push 

Step 4: Create Snyk account

To create snyk account to go https://snyk.io/

Step 5: Connect Snyk with your repository

 npm install
 npm install -g snyk

Authorize snyk

 snyk auth 

Run below commands for snyk setup

 snyk monitor (Snyk uses monitoring to regularly test your code and notify you when new vulnerabilities are introduced)
 snyk test (The snyk test command tests a local project for known vulnerabilities.)
 snyk wizard (this will create a .snyk file) (snyk wizard configures your policy file to update, auto patch and ignore vulnerabilities in npm & yarn projects.)

update your gitrepository

 git add .snyk
 git commit -am "added .snyk"
 git push

Step 6: Vulnerabilities test

Downgrade your express.js to 4.4.5 in package.json file to introduce vulnerabilities in your code.

again run the below commands

npm install
snyk test

Now you can see how snyk monitors vulnerabilities.

Step 7: Add SAST file in your toolchain

to test vulnerabilities in toolchain add SAST testing stage in your git repository

6

7

9

now push the vulnerable code, you will notice SAST stage failed.

 git commit -am "modified package.json"
 git push

to wrap up, remove SAST stage, upgrade your express.js to latest version and push the changes.

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published