Make sure that Interactive Application Security Testing (IAST) is in place for your repository. During quality assurance testing or when an application is being used, interactive application security tools scan the code to find vulnerabilities and provide reports that identify where in the code the issue is. IAST tools are typically geared to analyze Web Applications and Web APIs, but that is vendor specific. There may be IAST products that can perform good security analysis on non-web applications as well. IAST works best when deployed in a QA environment with automated functional tests running. Learn more: https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools https://appsecmap.com https://snyk.io/learn/application-security/iast-interactive-application-security-testing/ https://www.veracode.com/security/interactive-application-security-testing-iast https://owasp.org/www-project-devsecops-guideline/latest/02c-Interactive-Application-Security-Testing
1. Navigate to Repository -> Actions. 2. Open your repository CD Pipeline. 3. Ensure a IAST scanning tool is present in your pipeline.
{
"target": "GHActionsWorkflows",
"if": {
"allOf": [
{
"resource": "GHActionsWorkflows",
"property": "WorkflowsYaml",
"operator": "match",
"value": "$(GH_POLICY_VAR_DEVSECOPS_IAST_INTERACTIVE_APPLICATION_SECURITY_TESTING_TOOLS_PATTERNS)"
}
]
},
"then": {
"effect": "Audit"
}
}Copyright © DevOps Shield. All Rights Reserved. Privacy Policy | Cookie Policy | Terms and Conditions