secureCodeBox - How to improve your CI/CD pipeline with automated security tests

Awareness of security challenges is crucial for delivering high-quality software. This awareness has to be fostered and applied continuously.

WHY

The secureCodeBox provides an open source toolchain for continuous security scanning of your applications. It helps you to find the low-hanging fruit issues early in the development process, freeing the resources of human penetration testers to concentrate on the major security issues. Under the hood we use well-known and open source licensed security scanners like OWASP ZAP, Arachni, NMAP, Nikto, SSLyze. The peculiarity of the solution is the high integration capability in existing build processes, which we will show in a live demonstration.

What

The goal of this User Session is to teach participants how they can integrate security tools in their continous delivery pipeline based on the open source project secureCodeBox. The project aims to reduce the time to bootstrap your environment with a bunch of security tools.

Outcomes

Outcomes:

• Participants can see an demo setup from start to finish. Since this is all open source and part of the secureCodeBox project, attendees can try this for their own pipeline.
• We are highly interested in your feedback and ideas about the project. How can we improve it?
• Are you interested to be involved? Help to spread the idea and grow up.

Who

The target audience for this Working Session is:

• Developers
• Security professionals
• DevSecOps professionals

References

• Project Page
• OWASP 2017 GitHub issues
• Developer Guidelines

Register as participant

To register as participant add secureCodeBox - How to improve your CI/CD pipeline with automated security tests to either:

1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
2. or the participants metadata field from this git session page