Skip to content

Latest commit

 

History

History

security-controls

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
deploy.sh
deploy.sh
 
 
deployment.yaml
deployment.yaml
 
 
entrypoint.py
entrypoint.py
 
 
notify.py
notify.py
 
 
requirements.txt
requirements.txt
 
 
sast.py
sast.py
 
 

README.md

SDARQ Security Controls

This folder contains scripts that run as cronjobs in the GKE cluster. These cronjobs:

  • auto update security controls in SDARQ (DAST, 3rd party dependencies scan, and SAST)
  • report to AppSec team all security controls that are missing for specific services. If AppSec team decides to mark them as False Positives, they can add SERVICENAME_SECURITYCONTROL by comma in _SECURITY_CONTROLS_IGNORE variable in cloud build trigger. For example if service A is missing DAST scan, it can be added to _SECURITY_CONTROLS_IGNORE as A_zap. If service B is missing CIS scanner, it can be added to _SECURITY_CONTROLS_IGNORE as A_zap,B_cis_scanner.

This is part of SDARQ, but is is deployed as a different namespace security-controls in GKE cluster.