Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(owasp-dast): added workflow for DAST #252

Merged
merged 5 commits into from
Feb 23, 2024
Merged

ci(owasp-dast): added workflow for DAST #252

merged 5 commits into from
Feb 23, 2024

Conversation

tom-rm-meyer-ISST
Copy link
Contributor

@tom-rm-meyer-ISST tom-rm-meyer-ISST commented Feb 17, 2024
edited
Loading

Description

Create Owasp Zap Worklfow for DAST.

Tests two apis with api key, and overall frontend.

Pre-review checks

Please ensure to do as many of the following checks as possible, before asking for committer review:

@tom-rm-meyer-ISST
Copy link
Contributor Author

Hey @RoKrish14, please review. I prepared two api tests on backend level, and the full test for the frontend. Please check. We'll need to wait for this issue to be handled to make use of the secrets.

Further Question: I remember you talking about open api. PR #251 now fixes the missing api key header config in swagger ui.

RoKrish14
RoKrish14 approved these changes Feb 17, 2024
View reviewed changes
.github/workflows/owasp-dast.yaml
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@tom-rm-meyer-ISST tom-rm-meyer-ISST requested review from RoKrish14 and removed request for RoKrish14 February 22, 2024 11:11
RoKrish14
RoKrish14 requested changes Feb 22, 2024
View reviewed changes
Copy link
Contributor

@RoKrish14 RoKrish14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we dont have access to secrets,

  • you can remove secrets from - secrets.API_KEY
  • keep only - API_KEY

@tom-rm-meyer-ISST
Copy link
Contributor Author

Since we dont have access to secrets,

  • you can remove secrets from - secrets.API_KEY
  • keep only - API_KEY

incorporated

@mhellmeier mhellmeier merged commit fff4f7c into eclipse-tractusx:main Feb 23, 2024
13 checks passed
@tom-rm-meyer-ISST tom-rm-meyer-ISST deleted the ci/owasp branch February 23, 2024 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RoKrish14 RoKrish14 RoKrish14 approved these changes

@mhellmeier mhellmeier mhellmeier approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tom-rm-meyer-ISST @mhellmeier @RoKrish14