Shift Left: Scanning in the Pipeline with Gitlab, Sonarqube, OWASP ZAP, Trivy, and DefectDojo

preview_player
Показать описание
We give an overview of our presentation last month at the Atlanta Gitlab Meetup. CI/CD DevOps pipeline with security scanning.

  1. Sophronio
  2. DevOps
  3. Gitlab
Рекомендации по теме
Tool Review: ShiftLeft 0:09:02

Tool Review: ShiftLeft Scan

Shift-left! Scanning for 0:45:47

Shift-left! Scanning for Security Compliance from Day Zero

Demo: Shift Left 0:05:26

Demo: Shift Left Security Scan for Mainframe DevOps BMC Compuware Integration with Veracode

Carbon Black Container 0:23:44

Carbon Black Container Scanning Part 3 - Scanning in a Pipeline

Shift Left Security 0:02:10

Shift Left Security Scan and Vulnerability Check

Talk 13 - 0:16:01

Talk 13 - Avinash Jain - Shift Left with DevSecOps: Scanning every single code change

Shifting Cloud Security 1:05:59

Shifting Cloud Security Left: Scanning Infrastructure as Code for Security Issues

Shift Left: Scanning 0:17:26

Shift Left: Scanning in the Pipeline with Gitlab, Sonarqube, OWASP ZAP, Trivy, and DefectDojo

Blood Moon Showdown: 0:23:32

Blood Moon Showdown: Werewolf vs. Shapeshifter

Is Infrastructure as 0:03:30

Is Infrastructure as Code Scanning CSPM Shifting Left?

Open Source Vulnerability 0:05:58

Open Source Vulnerability Scanning - Are you safe?

Shift Left Security 0:51:35

Shift Left Security and Code Scanning with Amjad Afanah and Sudipta Mukherjee

Shift left with 0:20:31

Shift left with Checkov security scanning for Terraform : DevSecOps

BSidesNCL 2020 - 0:24:39

BSidesNCL 2020 - Shift Left with DevSecOps: Scanning every single code change - @logicbomb_1

Application Security Scanning 0:43:06

Application Security Scanning in the Repository: Best Practices

Edema 0:00:12

Edema

Docker Scout: Shift 0:13:46

Docker Scout: Shift Left to Scan Vulnerabilities

Craniotomy to Remove 0:00:25

Craniotomy to Remove a Brain Tumor (3D Animation)

Shift Left Quality 0:00:49

Shift Left Quality Management System QMS Using a 3 D Matrix Scanning Method on System on a Chip

How to Perform 0:08:37

How to Perform SAST Scanning with Harness STO | Code Repository Scanning

See how a 0:00:14

See how a Trigger Finger is released - 3D Animation #hand #orthopedics

When Your Shoulder 0:00:16

When Your Shoulder Pops 💥 Out #shorts

Attack of the 0:31:05

Attack of the Scans: Early Security in Cloud Native Development

Appendicitis [] Appendix 0:00:17

Appendicitis [] Appendix Location [] Appendicitis symptoms

Комментарии
Автор

hello, i have a question, i am trying to do the integrations between defect dojo and jenkins it doesn't work also i can use curl post for create engagement into the defcet dojo but i am not able to use it for import scan

NourHarkouss-yg
Автор

Hi, Please help with dast and container scanning, I ahve tries as you showed in the video but unable to perform the scan, please help

ashabeeshaik
Автор

Hi @richard, in which line in the yaml that makes the warning displays in the commit dashboard?

aaronlondon
Автор

DAST should be run after deployment, maybe in dev stage?

ChauDuong
Автор

Hello sir, as of v8.9 of Sonar, the option ‘merge request decoration’ is marked as Commercial Edition only on the gitlab plugin, does it prevent the use of this feature you presented us here ?

arnaud
Автор

Do you have an example of the .pl files you used to upload to defectojo?

andrewa
Автор

Hi, thanks for the great video 😊
One question sir, everytime the pipeline run, does it will create a new engagement?

I_love.hamster