Skip to content
/ cookiecutter-shift-left-security Public

Institutionalising Shift Left Security tools for Secrets Detection and Static Application Security Testing (SAST) Scan

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rajasoun/cookiecutter-shift-left-security

BranchesTags

Repository files navigation

Getting Started

For institutionalizing Shift Left Security adoption for

  1. Secrets Detection
  2. Static Application Security Testing (SAST) Scan
  3. Development Environment Setup
  4. Git Commit
  5. Git Branching

Prerequisites

Docker

docker run --rm --name cruft python:3.9.3-alpine3.13  \
  pip3  install cruft \
  && cruft create https://github.com/rajasoun/cookiecutter-shift-left-security

Once finished, navigate to your new project folder :

cd <project_name>

Refer SLS - Shift Left Security

Toolz Radar

🚀 Tool Collection

Adopt

  1. Docker: Docker takes away repetitive, mundane configuration tasks and is used throughout the development lifecycle for fast, easy and portable application development - desktop and cloud.
  2. cookiecutter: A command-line utility that creates projects from cookiecutters (project templates)
  3. cruft: cruft allows you to maintain all the necessary boilerplate for packaging and building projects separate from the code you intentionally write. Fully compatible with existing Cookiecutter templates
  4. Visual Studio Code Remote - Containers Extension: Leverage Docker container as a full-featured development environment. It allows you to open any folder inside (or mounted into) a container and take advantage of Visual Studio Code's full feature set.
  5. commitizen: Tool that guides the developer through the writing of the commit message
  6. commitlint: Tool that validates the commit message following a set of rules and good practices
  7. pre-commit: A framework for managing and maintaining multi-language pre-commit hooks
  8. gg-shield: CLI application that runs in your local environment or in a CI environment to help you detect more than 200 types of secrets, as well as other potential security vulnerabilities or policy breaks.
  9. git flow: Git extensions to provide high-level repository operations

Assess

  1. lint-staged: Run linters against staged git files and don't let 💩 slip into your code base!
  2. prettier: An opinionated code formatter
  3. husky: Tool that adds scripts (hooks) trigged before (pre-commit) and after (post-commit) your commit.
  4. release-it: CLI tool to automate versioning and package publishing related tasks

About

Institutionalising Shift Left Security tools for Secrets Detection and Static Application Security Testing (SAST) Scan

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages