pygeoapi is a Python server implementation of the OGC API suite of standards. The project emerged as part of the next generation OGC API efforts in 2018 and provides the capability for organizations to deploy a RESTful OGC API endpoint using OpenAPI, GeoJSON, and HTML. pygeoapi is open source and released under an MIT license.
Penetration testing on a pygeoapi instance would be a valuable testing mechanism in a DevSecOps context.
Zed Attack Proxy (ZAP) could be a viable option, given it provides this functionality as GitHub Actions:
We should also consider the OWASP API Security Top 10.
The result would be a GitHub Action (.github/workflows/security.yml) that would run some/all of the above.
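One shape such a workflow could take, written here as an added example and not taken from the pygeoapi project or the ZAP actions' own docs: it starts the published geopython/pygeoapi image, waits for the landing page, then runs a passive baseline scan followed by an active scan driven by pygeoapi's own OpenAPI document. Assumptions are marked in comments: the image's demo configuration listening on port 80, the `/openapi` route, that the ZAP action containers can reach `localhost` on the runner, and the action version tags and rules-file path, which are placeholders to pin and adjust.

```yaml
name: security

on:
  pull_request:
  schedule:
    - cron: "0 3 * * 1"   # weekly run, so new ZAP rules are applied to unchanged code too

jobs:
  zap:
    runs-on: ubuntu-latest
    permissions:
      contents: read       # no issue/PR writing needed; findings fail the job instead
    steps:
      - uses: actions/checkout@v4

      # System under test: the published image with its demo config.
      # Assumption: the container serves pygeoapi on port 80.
      - name: Start pygeoapi
        run: |
          docker run -d --name pygeoapi -p 5000:80 geopython/pygeoapi:latest
          # Do not scan a server that is still starting; poll the landing page first.
          for i in $(seq 1 30); do
            curl -fsS http://localhost:5000/ >/dev/null && exit 0
            sleep 2
          done
          echo "pygeoapi did not become ready" >&2
          docker logs pygeoapi >&2
          exit 1

      # Passive baseline scan: spiders the site and reports missing security
      # headers, cookie flags, information leakage, etc. It sends no attack payloads.
      # Assumption: version tag is a placeholder; pin to a current release.
      - name: ZAP baseline scan
        uses: zaproxy/action-baseline@v0.12.0
        with:
          target: "http://localhost:5000/"
          rules_file_name: ".zap/rules.tsv"   # assumption: per-rule IGNORE/WARN/FAIL list kept in the repo
          allow_issue_writing: false
          fail_action: true                   # WARN/FAIL findings fail the PR check

      # Active scan driven by the OpenAPI document pygeoapi publishes, so every
      # documented path and parameter is exercised (the injection and
      # misconfiguration items from the OWASP API Security Top 10).
      - name: ZAP API scan
        uses: zaproxy/action-api-scan@v0.7.0
        with:
          target: "http://localhost:5000/openapi?f=json"   # assumption: pygeoapi's OpenAPI route
          format: openapi
          rules_file_name: ".zap/rules.tsv"
          allow_issue_writing: false
          fail_action: true
```

Start with `fail_action: false` and a generous rules file on the first runs, then tighten rules to FAIL one at a time so the check reflects deliberate decisions rather than ZAP's defaults.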