Feature/lab9#9
Open
ellilin wants to merge 11 commits into
Open
Conversation
Complete triage report for OWASP Juice Shop deployment including: - Scope & Asset information (v19.0.0) - Environment details (macOS, Docker 28.3.3) - Deployment verification with health checks - Surface snapshot analysis - Top 3 security risks identified - PR template setup documentation - GitHub community engagement section
- Generate SBOMs with Syft and Trivy for OWASP Juice Shop v19.0.0 - Perform SCA with Grype and Trivy vulnerability scanning - Compare toolchain capabilities: accuracy, coverage, features - Analyze 1139 packages, 146 vulnerabilities, 32 license types - Document critical vulnerabilities and remediation strategies Co-Authored-By: Claude (glm-5) <noreply@anthropic.com>
- SAST analysis with Semgrep (25 code-level findings) - DAST analysis with ZAP, Nuclei, Nuclei, SQLmap - Authenticated vs unauthenticated scan comparison - Tool comparison matrix and recommendations - SAST/DAST correlation analysis
…lysis - Scanned Terraform with tfsec, Checkov, and Terrascan (45, 78, 22 findings) - Scanned Pulumi with KICS (6 findings: 1 CRITICAL, 2 HIGH, 1 MEDIUM) - Scanned Ansible with KICS (10 findings: 9 HIGH, 1 LOW) - Created comprehensive tool comparison matrix - Identified 161 total security vulnerabilities across all frameworks - Documented top 5 critical findings with remediation code examples - Provided CI/CD integration strategy with quality gates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Goal
Complete Lab 9 by demonstrating runtime security monitoring with Falco and offline policy-as-code validation with Conftest, then document the findings in the required submission file.
Changes
labs/lab9/falco/rules/custom-rules.yamllabs/lab9/falco/logs/falco.logandlabs/lab9/falco/logs/falco-alerts.txtlabs/lab9/analysis/labs/submission9.mdwith Falco evidence, Conftest results, manifest/policy analysis, and environment notes for Docker Desktop on macOSTesting
lab9-helper/usr/local/bin/falcosecurity/event-generator:latest run syscalllabs/lab9/manifests/k8s/juice-unhardened.yamllabs/lab9/manifests/k8s/juice-hardened.yamllabs/lab9/manifests/compose/juice-compose.ymlArtifacts & Screenshots
labs/submission9.mdlabs/lab9/falco/logs/falco.loglabs/lab9/falco/logs/falco-alerts.txtlabs/lab9/falco/rules/custom-rules.yamllabs/lab9/analysis/conftest-unhardened.txtlabs/lab9/analysis/conftest-hardened.txtlabs/lab9/analysis/conftest-compose.txtChecklist
feat:,fix:,docs:)