PA2588 DevSecOps: Playground for SCA (Software Composition Analysis)

This is part of the course DevSecOps. You will see how to include SCA in your development process.

Preparation

Click on Use this template to create a new repository in your GitHub account (don't fork it), and make sure to set the visibility to "Public".
- The GitHub actions should run automatically and be green.
Create a free account on Snyk, go to your Account Settings, and copy your "Auth Token".
In your GitHub project, go to "Settings" > "Secrets and variables" > "Actions", and create a Repository Secret called SNYK_TOKEN with your Snyk Auth Token.

In .github/workflows/sca.yml, uncomment the block labeled "Version 1" to enable Snyk.
- After the next successful run of the GitHub actions, under GitHub's "Security Tab", you should now see "Code Scanning Alerts" being reported.
In requirements.txt, update the version of the "requests" library to a newer version (e.g. from 2.27.0 to 2.32.2 -- or whatever Snyk suggests as a current version).
- After the next successful run of the GitHub actions, you should now see fewer "Code Scanning Alerts" being reported.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.github/workflows		.github/workflows
templates		templates
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
app.py		app.py
requirements.txt		requirements.txt