Bag of Holding
The Bag of Holding is an application to assist in the organization and prioritization of software security activities.
Check out these talks which cover building your own AppSec pipeline:
- Matt Tesauro - Taking AppSec to 11: Pipelines, DevOps and making things better
- Aaron Weaver - Building An AppSec Pipeline: Keeping Your Program, And Your Life, Sane
- Matt Tesauro - Lessons From DevOps: Taking DevOps Practices Into Your AppSec Life
For information about what's new as well as known issues, see RELEASES.md.
For information on setting up a development environment, see INSTALL.md.
Build and start the container
docker build -t bag-of-holding .
docker run -d -p 8000:8000 --name boh-server bag-of-holding:latest
docker exec -it boh-server sh
python3 /bag-of-holding/project/manage.py createsuperuser
The following command retrieves the latest metrics from ThreadFix for connected applications. We recommend running it daily as a cron job.
python manage.py cron --threadfix