provide API for CI/CD Pipelines

OWASP / threat-dragon

An open source threat modeling tool from OWASP

https://owasp.org/www-project-threat-dragon/

Apache License 2.0

902 stars 244 forks source link

provide API for CI/CD Pipelines #88

Open lreading opened 3 years ago

lreading commented 3 years ago

Describe what problem your feature request solves Provide an API for CI/CD pipelines

Describe the solution you'd like Provide an API for CI/CD pipelines, see here for an example

Additional context

What functions are exposed for this API?
How do we handle authentication/authorization?
What do we use to document the API? (main github docs, auto-generated via swagger or apidoc?)

micheelengronne commented 2 years ago

I am in favor of swagger to document it. Many tools exist to extract the API structure from swagger and integrate it in other systems.

For auth/auth I am in favor of Oauth2 and OIDC. It would make it easy to integrate in a larger CI system (like Gitlab, Gitea, etc...) and access their CI pipelines.

For the functions, I see at least 2 main ones :

push a source code and get back a threat-dragon json from it (the source code may be annotated to help)
push tests results (junit xml for instance) and push a threat-dragon json and get a comparison analysis back

jgadsden commented 2 years ago

Following @ShubhamPalriwala 's suggestion, this may be a good feature for the 2022 Google Summer of Code: https://github.com/OWASP/www-community/commits/master/pages/initiatives/gsoc/gsoc2022ideas.md

github-actions[bot] commented 5 months ago

This issue is stale because it has been open for 6 months with no activity.

jgadsden commented 2 months ago

This is still a valid issue, and is covers the points made on the API in issue #344