Implement SAST + DAST through Github actions

Related tags

Third-party APIs Wrapperssast-dast
Overview

Implement SAST + DAST through Github actions

The repository is supposed to implement SAST+DAST checks using github actions against a vulnerable python application which allows RCE. Goal is to detect it before it gets pushed into production.

Roadmap

  • Python vulnerable RCE application
  • Github actions (executes on PR to main/master branch)
    • Implement SAST using bandit
    • Implement DAST using OWASP ZAP (need app deployed somewhere - k8s to the rescue!)
    • Deploy application using Kubernetes for OWASP ZAP scan
  • Post gist of found vulnerabilities in Slack
    • SAST - Use hashicorp vault to reference slack bot credentials
    • DAST - Use hashicorp vault to reference slack bot credentials
Owner
Syed Umar Arfeen
Sr. Security Engineer @Ebryx, OSCP, OSWE, Penetration Tester, Weeb, !Dank Memer, and as you can see a "wanna-be" programmer as well :)
Syed Umar Arfeen
GitHub Repository
Instagram auto reporting tool 100% working

INSTA REPORTER Instagram auto reporting tool 100% working Description this tool is made by Guccifer Shubham (shubhushubhu99) and by using this tool yo

Guccifer Shubham 26 Dec 28, 2022
A python based all-in-one tool for Google Drive

gdrive-tools A python based all-in-one tool for Google Drive Uses For Gdrive-Tools ✓ generate SA ✓ Add the SA and Add them to TD automatically ✓ Gener

XcodersHub 32 Feb 09, 2022
This repository provides a set functions to extract paragraphs from AWS Textract responses.

extract-paragraphs-with-aws-textract Since AWS Textract (the AWS OCR service) does not have a native function to extract paragraphs, this repository p

Juan Anzola 3 Jan 26, 2022
Maintained Fork of Jishaku For nextcord

Onami a debugging and utility extension for nextcord bots Read the documentation online. Fork Onami is a actively maintained fork of Jishaku for nextc

RPS 11 Dec 14, 2022
YuuScource - A Discord bot made with Pycord

Yuu A Discord bot made with Pycord Features Not much lol • Easy to use commands

kekda 9 Feb 17, 2022
A simple discord bot named atticus that sends you the timetable of your classes upon request

A simple discord bot named atticus that sends you the timetable of your classes upon request. Soon, it would you ping you before classes too!

Samhitha 3 Oct 13, 2022
A repository for 8G server's discord bot

8G Discord-Bot A general-purpose discord bot for the 8G Discord-Server To setup: Create a new file called secrets.py and make it look like this TOKEN=

1 Jan 12, 2022
Music bot for playing music on telegram voice chat group.

Somali X Music 🎵 Music bot for playing music on telegram voice chat group. Requirements FFmpeg NodeJS nodesource.com Python 3.8+ or Higher PyTgCalls

Abdisamad Omar Mohamed 4 Dec 01, 2021
A telegram bot to monitor the latest NFT price on BSC.

NFT_Monitor This is a telegram bot for monitoring price and ranking of NFT on Binance Smart Chain. Can fetch latest ranking and price in real time. .P

Niko Pang 10 Oct 09, 2022
Search twitter by address.

Twitter Geolocate Twitter Geolocation is a console app that generates twitter search querries for a certain geolocation and opens them in your standar

David J. Kowalk 28 Dec 06, 2022
An information scroller Twitter trends, news, weather for raspberry pi and Pimoroni Unicorn Hat Mini and Scroll Phat HD.

uticker An information scroller Twitter trends, news, weather for raspberry pi and Pimoroni Unicorn Hat Mini and Scroll Phat HD. Features include: Twi

Tansu Şenyurt 1 Nov 28, 2021
An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

TWINT - Twitter Intelligence Tool No authentication. No API. No limits. Twint is an advanced Twitter scraping tool written in Python that allows for s

TWINT Project 14.2k Jan 03, 2023
Fastest Pancakeswap Sniper BOT TORNADO CASH 2022-V1 (MAC WINDOWS ANDROID LINUX)

Fastest Pancakeswap Sniper BOT TORNADO CASH 2022-V1 (MAC WINDOWS ANDROID LINUX) ⭐️ AUTO BUY TOKEN ON LAUNCH AFTER ADD LIQUIDITY ⭐️ ⭐️ Support Uniswap

Crypto Trader 7 Jan 31, 2022
It is automated instagram follower bot.

Instagram-Follower-Bot It is automated instagram follower bot. In This project I've used Selenium and Python. Work-Flow When I run my code. It's gonna

Falak Shair 3 Sep 28, 2022
A new coin listing alert bot using Python, Flask, MongoDB, Telegram API and Binance API

Bzzmans New Coin Listing Detection Bot Architecture About Project Work in progress. This bot basically gets new coin listings from Binance using Binan

Eyüp Barlas 21 May 31, 2022
Bot made by BLACKSTORM[BM] Contact Us - t.me/BLACKSTORM18

ᴡʜᴀᴛ ɪs ᴊᴀʀᴠɪs sᴇᴄᴜʀɪᴛʏ ʙᴏᴛ ᴊᴀʀᴠɪs ʙᴏᴛ ɪs ᴛᴇʟᴇɢʀᴀᴍ ɢʀᴏᴜᴘ ᴍᴀɴᴀɢᴇʀ ʙᴏᴛ ᴡɪᴛʜ ᴍᴀɴʏ ғᴇᴀᴛᴜʀᴇs. ᴛʜɪs ʙᴏᴛ ʜᴇʟᴘs ʏᴏᴜ ᴛᴏ ᴍᴀɴᴀɢᴇ ʏᴏᴜʀ ɢʀᴏᴜᴘs ᴇᴀsɪʟʏ. ᴏʀɪɢɪɴᴀʟʟʏ ᴀ

1 Dec 11, 2021
A Telegram bot that can stream Telegram files to users over HTTP

AK-FILE-TO-LINK-BOT A Telegram bot that can stream Telegram files to users over HTTP. Setup Install dependencies (see requirements.txt), configure env

3 Dec 29, 2021
Instagram Account Creator 🥰

Instagram Account Creatorr Instagram account creator that uses requests instead of selenium! Report Bug · Request Feature Features Request based Conta

dropout 9 Oct 27, 2021
Freqtrade 3commas wrapper for python

Freqtrade 3commas wrapper The aim of this project is to provide an easy way to integrate freqtrade with 3commas. The main reason someone would want to

Alex Babescu 43 Dec 17, 2022
Repositorio dedicado a contener los archivos fuentes del bot de discord "Lector de Ejercicios".

Lector de Ejercicios Este bot de discord está pensado para usarse únicamente en el discord de la materia Algoritmos y Programación I, de la Facultad d

Franco Lighterman Reismann 3 Sep 17, 2022