Implement security scanning for Golang code using GoSec, a security tool designed to analyze Go code and identify potential security vulnerabilities. The GoSec scan should be integrated into the CI pipeline and executed to ensure consistent environments and minimize dependency issues.
Acceptance Criteria:
CI Integration:
The GoSec scan is successfully integrated into the CI pipeline, and it runs automatically as part of the build process.
If the scan fails or finds vulnerabilities above a defined threshold (e.g., high severity), the build should fail.
Build Failures:
The CI pipeline must fail if GoSec finds any security vulnerabilities at or above the defined threshold (e.g., high-severity issues).
Local Run Documentation:
Clear documentation is provided for developers to run the GoSec scan locally, ensuring alignment between local development and the CI pipeline.
Technical Requirements:
CI Config: Update the CI configuration (e.g., .gitlab-ci.yml, .github/workflows/main.yml) to add the GoSec scan as part of the build process.
Fail Criteria: The build must fail if any high-severity issues are found during the GoSec scan.
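To make the "fail on high severity" rule identical in CI and on a developer's machine, one approach is to have gosec write a JSON report (`gosec -fmt json -no-fail -out gosec.json ./...`, where `-no-fail` keeps gosec's own exit code at zero) and then apply a single gate program to that report in both places. The program below is an added example, not code from this issue or the project; it assumes gosec's JSON formatter emits the `Issues` array with `severity`, `confidence`, `rule_id`, `details`, `file`, `line` and `nosec` keys, and the `GOSEC_FAIL_SEVERITY` environment variable and the embedded sample report are constructed for illustration.

```go
// gosec_gate: fail the build when a gosec JSON report contains findings at or
// above a severity threshold. Added example; assumes the report was produced
// with `gosec -fmt json -no-fail -out gosec.json ./...`.
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"sort"
	"strings"
)

// gosec severities, ranked so a threshold is a single integer comparison.
var severityRank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3}

// Issue holds the fields of one gosec "Issues" entry that the gate needs
// (assumption: JSON keys as written by gosec's json formatter).
type Issue struct {
	Severity   string `json:"severity"`
	Confidence string `json:"confidence"`
	RuleID     string `json:"rule_id"`
	Details    string `json:"details"`
	File       string `json:"file"`
	Line       string `json:"line"`
	NoSec      bool   `json:"nosec"`
}

// Report is the top-level gosec JSON document; only Issues matters here.
type Report struct {
	Issues []Issue `json:"Issues"`
}

// rankOf maps a severity string to its rank; an unrecognised value is treated
// as HIGH so a formatter change fails the build instead of silently passing.
func rankOf(severity string) int {
	if r, ok := severityRank[strings.ToUpper(severity)]; ok {
		return r
	}
	return severityRank["HIGH"]
}

// Gate parses a gosec JSON report and returns every non-suppressed issue whose
// severity is at or above threshold ("low", "medium" or "high", any case),
// highest severity first. A non-empty result means the build must fail.
func Gate(report []byte, threshold string) ([]Issue, error) {
	want, ok := severityRank[strings.ToUpper(threshold)]
	if !ok {
		return nil, fmt.Errorf("unknown severity threshold %q (use low, medium or high)", threshold)
	}
	var r Report
	if err := json.Unmarshal(report, &r); err != nil {
		return nil, fmt.Errorf("parse gosec report: %w", err)
	}
	var failing []Issue
	for _, is := range r.Issues {
		if is.NoSec { // finding accepted in code with a #nosec annotation
			continue
		}
		if rankOf(is.Severity) >= want {
			failing = append(failing, is)
		}
	}
	sort.SliceStable(failing, func(i, j int) bool {
		return rankOf(failing[i].Severity) > rankOf(failing[j].Severity)
	})
	return failing, nil
}

// Summary renders one line per failing finding for the CI log.
func Summary(issues []Issue) string {
	var b strings.Builder
	for _, is := range issues {
		fmt.Fprintf(&b, "%s:%s [%s] %s/%s %s\n", is.File, is.Line, is.RuleID, is.Severity, is.Confidence, is.Details)
	}
	return b.String()
}

// SampleReport is a constructed gosec-style report used when no file is given;
// the paths and findings are illustrative, not from any real scan.
const SampleReport = `{"Issues": [
 {"severity":"HIGH","confidence":"LOW","rule_id":"G101","details":"Potential hardcoded credentials","file":"internal/db/conn.go","line":"12","nosec":false},
 {"severity":"MEDIUM","confidence":"HIGH","rule_id":"G304","details":"Potential file inclusion via variable","file":"internal/export/writer.go","line":"41","nosec":false},
 {"severity":"LOW","confidence":"HIGH","rule_id":"G104","details":"Errors unhandled","file":"cmd/server/main.go","line":"77","nosec":false},
 {"severity":"HIGH","confidence":"HIGH","rule_id":"G402","details":"TLS InsecureSkipVerify set true","file":"internal/test/helpers.go","line":"9","nosec":true}
]}`

func main() {
	data := []byte(SampleReport)
	if len(os.Args) > 1 { // usage: gosec_gate gosec.json
		var err error
		if data, err = os.ReadFile(os.Args[1]); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(2)
		}
	}
	threshold := os.Getenv("GOSEC_FAIL_SEVERITY") // hypothetical knob; default matches the issue
	if threshold == "" {
		threshold = "high"
	}
	failing, err := Gate(data, threshold)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	if len(failing) == 0 {
		fmt.Printf("gosec gate: no issues at or above %s severity\n", strings.ToUpper(threshold))
		return
	}
	fmt.Printf("gosec gate: %d issue(s) at or above %s severity:\n%s", len(failing), strings.ToUpper(threshold), Summary(failing))
	os.Exit(1)
}
```

Run without arguments it evaluates the embedded sample (one non-suppressed HIGH finding, so it exits 1); in CI the same binary reads the report gosec wrote and the threshold is the only policy knob, so the documented local command and the pipeline step cannot drift apart. The `#nosec` check mirrors gosec's own behaviour of reporting suppressed findings with `nosec: true`, so an accepted finding is visible in the report without failing the build.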
Rodebrechtd changed the title from "Implement GoSec Scan and Integrate into CI Process" to "[community]Implement GoSec Scan and Integrate into CI Process" on Sep 11, 2024
A great idea to build the SAST into the CICD, we already have a solution in place so will move forward with that one instead. Thanks for flagging @Rodebrechtd
Rodebrechtd changed the title from "[community]Implement GoSec Scan and Integrate into CI Process" to "Implement GoSec Scan and Integrate into CI Process" on Sep 13, 2024