OWASP dependency check is a great way of automating vulnerability discovery in our projects, though when running it as part of a CI pipeline per pro ...
I need to run a Snyk scan for an Azure container and set it to fail only when there are new vulnerabilities found as compared to the previous image. I did foll ...
I am new to GitLab and was trying to build a sample CICD pipeline. Following is my code: But my pipeline looks like in this image here (no dependen ...
I am installing SonarQube (community version) (v8). I know I need JDK 11, so I have installed it using Windows Installer. What's more, I have changed wr ...
Still pretty new to this so forgive me if I'm saying anything wrongly. This is my code Pipeline fails and when I check the log it says: I figur ...
Within a DevSecOps CI/CD pipeline one of the best practices is to automatically discover and apply patches to vulnerable software prior to deployment. ...
I'd like to call a shell script from within a Rego script. How can I do it? The rego built-in functions don't seem to help. ...
I was scanning a DotNet application using SonarQube. SonarScanner.MSBuild.exe begin, MSBuild and end, all 3 executed successfully in the same project roo ...
Artifactory instance up and running and in use on Windows 2012R2 (Server A). Is it possible to link this (Artifactory) with a new Xray installation on a ...
I have JFrog Artifactory installed and up and running on Windows 2012 R2, now I want to install JFrog-Xray on the same server and link it with existin ...
I'm completely new with GitLab and I have a scenario where I need to automatically add a .gitlab-ci.yml file to all the project repositories, in order ...
I am helping our DevOps team integrate Snyk into the Jenkins pipelines for SAST. By default, it seems like this Snyk plugin is doing snyk test (which ...
Is the API scan included in the full scan for the OWASP ZAP Action Full Scan for GitHub Actions? I need to know if I need to include a separate scan f ...
I am trying to set up config.json for Bitbucket Cloud to automatically update dependencies in npm repos of Bitbucket Cloud. I found one example, but c ...
My requirement is to do the "Authenticated Scan" by using the TFS DevOps pipeline, for this I added the "OWASP Zed Attack Proxy Scan" extension under TFS ...
I am using trivy to do docker scanning and then saving the output into result.json file. Now I am trying to send the file to DefectDojo to visualize i ...
I would like to get the list of jobs starting with a given name, followed by updating the label node on which the job can run. I did the following and ...
I'm new to the container security concept. I would like to find the vulnerabilities in the Container images using Quay Clair. Note: I already tried t ...
I have a public repo. Random GitHub users are free to create pull requests, and this is great. My CI pipeline is described in a normal file in the re ...
I work at a company with hundreds of Jenkins pipelines defined. We have a set of scans we want every pipeline to run (SonarQube, Checkmarx, Blackduck ...