Implement SAST + DAST through Github actions

Overview

This repository implements SAST and DAST checks with GitHub Actions against a deliberately vulnerable Python application that allows remote code execution (RCE). The goal is to detect that vulnerability on a pull request, before the code reaches production.

Roadmap

  • Python vulnerable RCE application
  • GitHub Actions (runs on PRs to the main/master branch)
    • Implement SAST using bandit
    • Implement DAST using OWASP ZAP (need app deployed somewhere - k8s to the rescue!)
    • Deploy application using Kubernetes for OWASP ZAP scan
  • Post gist of found vulnerabilities in Slack
    • SAST - Use hashicorp vault to reference slack bot credentials
    • DAST - Use hashicorp vault to reference slack bot credentials
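The roadmap above maps onto a single workflow with three jobs: SAST with Bandit on the PR source, DAST with OWASP ZAP against a copy of the app deployed to Kubernetes, and a Slack summary whose webhook is pulled from Vault at run time rather than stored as a plain GitHub secret. The workflow below is an added example written for this README, not the repository's own workflow. It assumes a repository layout (`app/` for the Python code, `k8s/` for the manifests, a Deployment named `vulnapp`), a base64-encoded `KUBECONFIG` secret for cluster access, an in-cluster URL for the deployed app, and a Vault KV v2 path `secret/data/ci/slack` holding a `webhook` key; all of these are placeholders to adapt.

```yaml
# Added example (hypothetical): .github/workflows/sast-dast.yml
# Assumed: app code under app/, manifests under k8s/, Deployment "vulnapp",
# a base64 KUBECONFIG secret, VAULT_ADDR/VAULT_TOKEN secrets, and the Slack
# webhook stored in Vault at secret/data/ci/slack (key "webhook").
name: sast-dast

on:
  pull_request:
    branches: [main, master]

permissions:
  contents: read

jobs:
  sast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Run Bandit
        # Bandit exits non-zero when it finds anything; keep the step alive so
        # the JSON report exists, then fail the job explicitly on HIGH findings.
        run: |
          pip install bandit
          bandit -r app/ -f json -o bandit.json || true
      - name: Fail on HIGH-severity findings
        run: |
          python - <<'EOF'
          import json, sys
          results = json.load(open("bandit.json"))["results"]
          high = [r for r in results if r["issue_severity"] == "HIGH"]
          for r in high:
              print(f'{r["filename"]}:{r["line_number"]} {r["test_id"]} {r["issue_text"]}')
          sys.exit(1 if high else 0)
          EOF
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: bandit-report
          path: bandit.json

  dast:
    runs-on: ubuntu-latest
    env:
      APP_URL: http://vulnapp.example.internal   # constructed placeholder URL
    steps:
      - uses: actions/checkout@v4
      - name: Deploy the app to Kubernetes for scanning
        env:
          KUBECONFIG_B64: ${{ secrets.KUBECONFIG }}
        run: |
          echo "$KUBECONFIG_B64" | base64 -d > kubeconfig
          export KUBECONFIG="$PWD/kubeconfig"
          kubectl apply -f k8s/
          kubectl rollout status deployment/vulnapp --timeout=120s
      - name: OWASP ZAP baseline scan
        uses: zaproxy/action-baseline@v0.12.0
        with:
          target: ${{ env.APP_URL }}
          allow_issue_writing: false   # report via Slack instead of GitHub issues
          fail_action: true            # fail the PR check when ZAP reports alerts

  notify:
    needs: [sast, dast]
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Fetch the Slack webhook from Vault
        uses: hashicorp/vault-action@v3
        with:
          url: ${{ secrets.VAULT_ADDR }}
          token: ${{ secrets.VAULT_TOKEN }}
          secrets: |
            secret/data/ci/slack webhook | SLACK_WEBHOOK
      - name: Post a summary to Slack
        uses: slackapi/slack-github-action@v1.26.0
        with:
          payload: |
            {"text": "SAST: ${{ needs.sast.result }}, DAST: ${{ needs.dast.result }} for PR #${{ github.event.pull_request.number }} in ${{ github.repository }}"}
        env:
          SLACK_WEBHOOK_URL: ${{ env.SLACK_WEBHOOK }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
```

Two design choices worth noting: the SAST job only fails on HIGH-severity Bandit findings so that informational results do not block every PR, and the Slack credential never lives in GitHub at all, only a short-lived Vault token does, which is what the "use Vault to reference Slack bot credentials" items in the roadmap are after.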
Owner
Syed Umar Arfeen
Sr. Security Engineer @Ebryx, OSCP, OSWE, Penetration Tester, Weeb, !Dank Memer, and as you can see a "wanna-be" programmer as well :)