Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add action for vulnerability testing #1635

Open
tomkralidis opened this issue Apr 20, 2024 · 1 comment
Open

add action for vulnerability testing #1635

tomkralidis opened this issue Apr 20, 2024 · 1 comment
Assignees
@francbartoli
Labels
enhancement New feature or request security Security
Milestone
0.19.0

Comments

@tomkralidis
Copy link
Member

tomkralidis commented Apr 20, 2024
edited
Loading

Penetration testing on a pygeoapi instance would be a valuable testing mechanism in a DevSecOps context.

Zed Attack Proxy (ZAP) could be a viable option, given it provides this functionality as GitHub Actions:

We should also consider the OWASP API Security Top 10.

The result would be a GitHub Action (.github/workflows/security.yml) that would run some/all of the above.
@tomkralidis tomkralidis added enhancement New feature or request security Security labels Apr 20, 2024
@tomkralidis tomkralidis added this to the 0.17.0 milestone Apr 20, 2024
@francbartoli
Copy link
Contributor

For OWASP API Security Top 10: I would replicate what has been implemented for fastgeoapi

@tomkralidis tomkralidis modified the milestones: 0.17.0, 0.18.0 Jul 4, 2024
@tomkralidis tomkralidis modified the milestones: 0.18.0, 0.19.0 Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@francbartoli francbartoli

Labels
enhancement New feature or request security Security
Projects
None yet
Milestone
0.19.0
Development

No branches or pull requests
2 participants
@francbartoli @tomkralidis