geopython / pygeoapi

pygeoapi is a Python server implementation of the OGC API suite of standards. The project emerged as part of the next generation OGC API efforts in 2018 and provides the capability for organizations to deploy a RESTful OGC API endpoint using OpenAPI, GeoJSON, and HTML. pygeoapi is open source and released under an MIT license.
https://pygeoapi.io
MIT License

add action for vulnerability testing #1635

Open tomkralidis opened 2 months ago

tomkralidis commented 2 months ago

Penetration testing on a pygeoapi instance would be a valuable testing mechanism in a DevSecOps context.

Zed Attack Proxy (ZAP) could be a viable option, given it provides this functionality as GitHub Actions:

We should also consider the OWASP API Security Top 10.

The result would be a GitHub Action (.github/workflows/security.yml) that would run some/all of the above.
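As an illustration of what such a workflow could look like, here is an added example of a `.github/workflows/security.yml` that starts a pygeoapi container and runs the ZAP API scan action against its OpenAPI document. This is not code from the pygeoapi project or from the issue author; it assumes the `geopython/pygeoapi` Docker image listening on port 80, the `zaproxy/action-api-scan` action (with its `target`, `format`, `cmd_options`, `fail_action` and `allow_issue_writing` inputs, the pinned version being an assumption), pygeoapi serving its OpenAPI document at `/openapi?f=json`, and the ZAP action reaching the service container over host networking:

```yaml
# .github/workflows/security.yml (added example, not part of the pygeoapi repository)
name: security

on:
  push:
    branches: [master]
  pull_request:
  schedule:
    - cron: '0 3 * * 1'   # weekly run so regressions are caught without a PR

permissions:
  contents: read   # the scan only needs to read the checkout; no issue writing

jobs:
  zap-api-scan:
    runs-on: ubuntu-latest
    services:
      pygeoapi:
        # Assumed: the official image serves pygeoapi on port 80 inside the container
        image: geopython/pygeoapi:latest
        ports:
          - 5000:80   # matches the default server URL http://localhost:5000
    steps:
      - uses: actions/checkout@v4

      - name: Wait for pygeoapi to answer
        run: |
          # Service containers start asynchronously; poll the landing page before scanning.
          for i in $(seq 1 30); do
            if curl -fsS http://localhost:5000/ > /dev/null; then
              exit 0
            fi
            sleep 2
          done
          echo "pygeoapi did not become ready in time" >&2
          exit 1

      - name: ZAP API scan driven by the OpenAPI document
        # Assumed action version; pin to the release current when adopting this
        uses: zaproxy/action-api-scan@v0.7.0
        with:
          # Assumed: pygeoapi exposes its OpenAPI document at /openapi?f=json
          target: 'http://localhost:5000/openapi?f=json'
          format: openapi
          # -a enables ZAP's alpha passive rules for broader coverage
          cmd_options: '-a'
          # Fail the job on warnings so the scan acts as a gate, not just a report
          fail_action: true
          # Keep results in the job log / artifacts rather than opening GitHub issues
          allow_issue_writing: false
```

Driving ZAP from the OpenAPI document, rather than spidering the HTML, means every operation pygeoapi advertises is exercised with generated requests. An `.zap/rules.tsv` file passed via `rules_file_name` can later downgrade rules that are known false positives for this deployment. Note that an unauthenticated scan of this kind covers items such as injection and security misconfiguration from the OWASP API Security Top 10, but not the authorization-logic items (object- and function-level authorization), which need tests written against the specific resource model.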

francbartoli commented 2 months ago

For OWASP API Security Top 10: I would replicate what has been implemented for fastgeoapi