Make sure that Infrastructure Scanning (IS) is in place for your repository. DevOps does a great job in automating the development and deployment process, but since all moving parts (containers, libraries etc.) are being updated frequently, it is imperative to make sure the infrastructure where you deploy your code is safe. The best way to do that is to incorporate vulnerability scanning into your pipeline. A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. Learn more: https://owasp.org/www-project-devsecops-guideline/latest/02e-Infrastructure-Vulnerability-Scanning https://www.gartner.com/reviews/market/vulnerability-assessment
1. Navigate to Repository -> Actions. 2. Open your repository CI/CD Pipeline. 3. Ensure an Infrastructure Scanning tool is present in your pipeline.
{
"target": "GHActionsWorkflows",
"if": {
"allOf": [
{
"resource": "GHActionsWorkflows",
"property": "WorkflowsYaml",
"operator": "match",
"value": "$(GH_POLICY_VAR_DEVSECOPS_IS_INFRASTRUCTURE_SCANNING_TOOLS_PATTERNS)"
}
]
},
"then": {
"effect": "Audit"
}
}Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions