blankdots
commented
2 years ago we can integrate with: https://github.com/marketplace/actions/owasp-zap-full-scan for automation or https://github.com/marketplace/actions/owasp-zap-baseline-scan
Open lilachic opened 2 years ago
blankdots
commented
2 years ago we can integrate with: https://github.com/marketplace/actions/owasp-zap-full-scan for automation or https://github.com/marketplace/actions/owasp-zap-baseline-scan
Description
It would be good to know what kind of coverage we have against OWASP top 10 vulnerabilities. https://owasp.org/Top10/ . This should be partly automated like Github's dependabot against number 6.
Should we have some more automatic testing against known vulnerabilities and should we manually check some known vulnerabilities from OWASP top 10 need to be decided.
DoD (Definition of Done)
There is a task to automate some more testing and we have checked that existing configurations comply mitigation of OWASP top 10.
Testing
Peer review or group discussion about the task.