Security-C4PO is an open-source web application for managing and documenting penetration tests. This tool allows a security tester to keep track of the testing progress according to the OWASP Testing Guide. This application aims to make the official Testing Guide more actionable to work with.
The goal is to have a "Pentest Pipeline" that uses OWASP ZAP.
The following GitHub Actions wrap the above packaged scans and also support raising GitHub issues for potential vulnerabilities found:
Usage of ZAP in Docker:
For more details see the blog posts:
These GitHub actions are a simple way to run the packaged scans, especially if you already use GitHub.
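As an added example (not code from Security-C4PO or from the ZAP GitHub Actions), the gating step such a pipeline needs after a packaged scan: it reads the JSON report that zap-baseline.py writes with -J (the site[].alerts[] layout with a string riskcode is assumed from ZAP's report format), applies a ZAP-style tab-separated rules file, and renders the remaining findings as the body of a tracking issue. Every report and rules value below is constructed.

```python
"""Gate a pipeline on a ZAP baseline JSON report (zap-baseline.py -J)."""
import json

# Constructed sample in the assumed shape of ZAP's JSON report:
# site[].alerts[] with riskcode as a string (0=Info, 1=Low, 2=Medium, 3=High).
SAMPLE_REPORT = json.dumps({
    "@programName": "ZAP", "@version": "2.14.0",
    "site": [{"@name": "https://staging.example.test", "alerts": [
        {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
         "riskcode": "2", "instances": [{"uri": "https://staging.example.test/", "method": "GET"}]},
        {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
         "riskcode": "1", "instances": [{"uri": "https://staging.example.test/login", "method": "GET"}]},
        {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
         "riskcode": "3", "instances": [{"uri": "https://staging.example.test/search?q=x", "method": "GET"}]},
    ]}],
})

# Constructed rules in the style of a ZAP rules file: "<pluginid>\t<IGNORE|WARN|FAIL>\t<comment>".
SAMPLE_RULES = "10038\tIGNORE\t(CSP is set by the CDN)\n10021\tWARN\t(tracked separately)\n"

RISK_NAMES = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}


def parse_rules(text):
    """Map plugin id -> action, skipping blank lines and '#' comments."""
    rules = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            plugin_id, action = line.split("\t")[:2]
            rules[plugin_id] = action.strip().upper()
    return rules


def evaluate(report_json, rules_text, fail_at_risk=2):
    """Return (failed, findings); a finding is (action, risk name, alert, first uri)."""
    rules = parse_rules(rules_text)
    findings = []
    for site in json.loads(report_json).get("site", []):
        for alert in site.get("alerts", []):
            action = rules.get(alert["pluginid"])
            if action == "IGNORE":
                continue
            if action is None:  # no explicit rule: decide by risk level
                action = "FAIL" if int(alert["riskcode"]) >= fail_at_risk else "WARN"
            uri = alert["instances"][0]["uri"] if alert.get("instances") else site["@name"]
            findings.append((action, RISK_NAMES[alert["riskcode"]], alert["alert"], uri))
    return any(a == "FAIL" for a, *_ in findings), findings


def issue_body(findings):
    """Markdown list usable as the body of a GitHub issue raised by the pipeline."""
    return "\n".join(f"- [{a}] {risk}: {name} ({uri})" for a, risk, name, uri in findings)


if __name__ == "__main__":
    failed, found = evaluate(SAMPLE_REPORT, SAMPLE_RULES)
    print(issue_body(found))
    raise SystemExit(1 if failed else 0)  # non-zero exit fails the pipeline step
```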
This is a PoC. The result should be presented at: https://heise-academy.de/webinare/devsecops923?wt_mc=intern.academy.newsticker.web_devsecops.ticker-1.link.link