A Journey From IT to IT Security

Vulnerability Analysis


Last updated 3 years ago

At the end of the DevSecOps pipeline we want to gather all the scan results in one place and analyze them.

Defect Dojo Open Source

DefectDojo is an open-source vulnerability management tool built by security engineers and OWASP. It is available as a Docker image.

I install it on the same server my GitLab is running on. Remember to change the ports when running it.

Faraday

Another free vulnerability management tool is Faraday.

Integration into the CD/CI pipeline

After each scanner job in the pipeline finishes, we want to upload its results to our vulnerability analysis tool. DefectDojo supports importing reports from many scanners; the import documentation is available here.
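As an added example (not code from the original page or from the DefectDojo project), the following shell function is what a GitLab CI job could call right after a scanner to push its report into DefectDojo through the `/api/v2/import-scan/` endpoint. It assumes three CI variables that are not in the original text: `DD_URL` (the DefectDojo base URL), `DD_TOKEN` (an API v2 key, sent as `Authorization: Token ...`) and `DD_ENGAGEMENT_ID` (the numeric id of the engagement the findings belong to). The `CURL` variable is a hypothetical override that only exists so the function can be exercised without a live server.

```bash
#!/usr/bin/env bash
# Added example: upload a scanner report to DefectDojo from a CI job.
# Assumed CI variables (not from the original page): DD_URL, DD_TOKEN, DD_ENGAGEMENT_ID.
set -eu

# dd_import_scan <scan_type> <report_file> [minimum_severity]
#   scan_type        DefectDojo parser name, e.g. "Trivy Scan" or "ZAP Scan"
#   report_file      report produced by the scanner in the previous pipeline step
#   minimum_severity lowest severity to import (default: Low)
# Refuses to run when the report is missing or empty, so a scanner that silently
# produced nothing does not turn into a "clean" import in DefectDojo.
dd_import_scan() {
  scan_type="$1"
  report="$2"
  min_sev="${3:-Low}"

  # Fail early with a readable message if a CI variable is not set.
  : "${DD_URL:?set DD_URL, e.g. http://defectdojo.example:8080}"
  : "${DD_TOKEN:?set DD_TOKEN to a DefectDojo API v2 key}"
  : "${DD_ENGAGEMENT_ID:?set DD_ENGAGEMENT_ID to the engagement id}"

  if [ ! -s "$report" ]; then
    echo "dd_import_scan: report '$report' is missing or empty; nothing to import" >&2
    return 2
  fi

  # Multipart POST as documented for import-scan; --fail makes an HTTP error
  # fail the CI job instead of being swallowed.
  # CURL is a hypothetical override used only for offline testing.
  "${CURL:-curl}" --fail --silent --show-error \
    --header "Authorization: Token ${DD_TOKEN}" \
    --form "scan_type=${scan_type}" \
    --form "file=@${report}" \
    --form "engagement=${DD_ENGAGEMENT_ID}" \
    --form "minimum_severity=${min_sev}" \
    --form "active=true" \
    --form "verified=false" \
    "${DD_URL%/}/api/v2/import-scan/"
}
```

In `.gitlab-ci.yml` the scanner job's `script:` would end with a line such as `dd_import_scan "Trivy Scan" trivy-report.json`, with `DD_TOKEN` stored as a masked, protected CI variable rather than in the repository. Marking imports `active=true` and `verified=false` leaves triage to whoever reviews the findings in DefectDojo instead of the pipeline.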

DefectDojo: https://github.com/DefectDojo/django-DefectDojo
Faraday: https://faradaysec.com/
DefectDojo import documentation: https://defectdojo.github.io/django-DefectDojo/integrations/import/