Closed TommyB13 closed 1 year ago
stale. @mbiuki can revisit and decide to refresh this card, drop it, or merge with another card where applicable
This was a research project and it was completed by hiring a summer intern in 2023. All findings and presentation slides are here: https://drive.google.com/drive/folders/1Og9cwhMyD8JCsEpmS04b4NdhfiC7JUdW?usp=drive_link This ticket may be closed.
@sfreudenthaler this was an interesting project - please review.
Lots of interesting stuff in this prototype. Ultimately what is the proposed flow here? Who is the audience for triage and remediation? What the false positive rate looks like today and what would be acceptable ... What are the implications there? And crucially, is the prototype now considered "stale"? (FWIW I think the concept or the Automate & Conquer deck are still very much valid [Nikto Scan Report] and I'm concerned that it's not going to be actionable for engineers.)
Parent Issue
No response
User Story
As a developer, I want to be able to automate penetration testing using a workflow in GitHub Actions, so I can generate reports of potential vulnerabilities.
Acceptance Criteria
The workflow must successfully run a penetration test on the latest version of dotCMS at a specified time and push the results to a separate repository where the results will be stored.
Proposed Objective
Security & Privacy
Proposed Priority
Priority 3 - Average
External Links... Slack Conversations, Support Tickets, Figma Designs, etc.
No response
Assumptions & Initiation Needs
In order for the workflow to run, an AWS server must be set up with dotCMS running via docker and it must be set up as a self-hosted runner with the repository so that the workflow can run on the server.
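As an added illustration (not part of this ticket or of dotCMS's own repository), a GitHub Actions workflow that matches the story above: a scheduled job on the self-hosted AWS runner scans the local dotCMS container and pushes the report to a separate results repository. The Nikto invocation, port 8082, the results repository name `example-org/pentest-results` and the secret name `RESULTS_REPO_TOKEN` are assumptions.

```yaml
name: scheduled-dast-scan
on:
  schedule:
    - cron: "0 3 * * 1"   # assumed schedule: every Monday 03:00 UTC
  workflow_dispatch: {}   # allow a manual run for testing the pipeline

jobs:
  scan:
    runs-on: self-hosted   # the AWS host that already runs dotCMS in Docker
    steps:
      - name: Wait for the local dotCMS instance to answer
        run: |
          # assumed: the dotCMS container publishes HTTP on localhost:8082
          for i in $(seq 1 30); do
            curl -sf -o /dev/null http://localhost:8082/ && exit 0
            sleep 10
          done
          echo "dotCMS did not become ready" >&2
          exit 1

      - name: Run Nikto against the local instance
        run: |
          mkdir -p out
          # scanner runs only against the instance this runner hosts;
          # Nikto may exit non-zero after reporting findings, so the
          # report file, not the exit code, decides the step outcome
          nikto -h http://localhost:8082 -Format txt \
                -o "out/nikto-$(date -u +%Y%m%dT%H%M%SZ).txt" || true
          test -s out/nikto-*.txt

      - name: Check out the results repository
        uses: actions/checkout@v4
        with:
          repository: example-org/pentest-results          # assumed results repo
          token: ${{ secrets.RESULTS_REPO_TOKEN }}         # assumed secret: a token scoped
          path: results                                    # to contents:write on that repo only

      - name: Commit and push the report
        run: |
          cp out/*.txt results/
          cd results
          git config user.name "dast-bot"
          git config user.email "dast-bot@example.invalid"
          git add .
          git commit -m "Nikto scan $(date -u +%F)" || echo "no new report"
          git push
```

Keeping the push token limited to the results repository means a compromised runner cannot write to the dotCMS source repository, which is the main reason for storing results separately.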
Quality Assurance Notes & Workarounds
No response
Sub-Tasks & Estimates
No response