CI/CD: what is your tech combination?
Throughout the many companies I have been at, I have seen many combinations of tech used, especially in CI/CD. Examples like these:
Technologies: GitLab CI, GitLeaks, Git, Docker
Description: A GitLeaks job in GitLab CI that scans commits for secrets, plus a Git pre-commit hook script that runs GitLeaks in Docker so the scan happens before code is committed. The hook is a developer-side convenience that can be skipped with git commit --no-verify, so the CI job remains the enforcing control.
Technologies: GitLab CI, Git, NJSScan, Semgrep, Python
Description: NJSScan runs in the GitLab CI pipeline as a SAST scan against the repository code, and Semgrep is configured as an additional SAST job in the same pipeline.
Technologies: DefectDojo, Git, GitLab CI, RetireJS, Python
Description: A GitLab CI job runs RetireJS for automated SCA scanning of the JavaScript dependencies and publishes the scan report as a pipeline artifact. A Python automation script then uploads the RetireJS report to DefectDojo.
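An added example of that upload step, written here and not taken from the poster's pipeline or from DefectDojo's own tooling. It uses only the standard library, validates and summarises the RetireJS JSON before sending it, and posts it to DefectDojo's import-scan endpoint with token authentication. The sample report is constructed in the shape retire.js v3+ writes with `--outputformat json` (the function also accepts the older bare-list layout); the `DD_URL`, `DD_API_KEY` and `DD_ENGAGEMENT_ID` variable names and the engagement id are assumptions.

```python
#!/usr/bin/env python3
"""Upload a RetireJS JSON report to DefectDojo through its import-scan API (stdlib only)."""
import json
import os
import sys
import urllib.request
import uuid

# Constructed sample in the shape retire.js (v3+) writes with --outputformat json; not a real scan.
SAMPLE_RETIRE_REPORT = {
    "version": "4.0.0",
    "data": [
        {"file": "static/js/jquery.min.js",
         "results": [{"component": "jquery", "version": "1.8.3",
                      "vulnerabilities": [{"severity": "medium", "below": "1.9.0",
                                           "identifiers": {"summary": "example finding"}}]}]},
        {"file": "static/js/app.js",
         "results": [{"component": "app", "version": "1.0.0"}]},
    ],
}


def severity_counts(report) -> dict[str, int]:
    """Count vulnerabilities by severity; accepts the v3 dict or the older bare-list layout."""
    entries = report.get("data", []) if isinstance(report, dict) else report
    counts: dict[str, int] = {}
    for entry in entries:
        for result in entry.get("results", []):
            for vuln in result.get("vulnerabilities", []):
                sev = str(vuln.get("severity", "unknown")).lower()
                counts[sev] = counts.get(sev, 0) + 1
    return counts


def build_multipart(fields: dict[str, str], file_field: str, filename: str, content: bytes) -> tuple[bytes, str]:
    """Encode form fields plus one file as multipart/form-data; returns (body, Content-Type value)."""
    boundary = uuid.uuid4().hex
    crlf = b"\r\n"
    body = bytearray()
    for name, value in fields.items():
        body += b"--" + boundary.encode() + crlf
        body += f'Content-Disposition: form-data; name="{name}"'.encode() + crlf + crlf
        body += str(value).encode() + crlf
    body += b"--" + boundary.encode() + crlf
    body += f'Content-Disposition: form-data; name="{file_field}"; filename="{filename}"'.encode() + crlf
    body += b"Content-Type: application/json" + crlf + crlf
    body += content + crlf
    body += b"--" + boundary.encode() + b"--" + crlf
    return bytes(body), f"multipart/form-data; boundary={boundary}"


def import_scan_request(base_url: str, api_key: str, engagement_id: int, report_bytes: bytes,
                        scan_type: str = "Retire.js Scan") -> urllib.request.Request:
    """Build the POST /api/v2/import-scan/ request; engagement id and key come from CI variables."""
    fields = {
        "scan_type": scan_type,
        "engagement": str(engagement_id),
        "active": "true",
        "verified": "false",
        "minimum_severity": "Low",
    }
    body, content_type = build_multipart(fields, "file", "retire.json", report_bytes)
    req = urllib.request.Request(f"{base_url.rstrip('/')}/api/v2/import-scan/", data=body, method="POST")
    req.add_header("Authorization", f"Token {api_key}")
    req.add_header("Content-Type", content_type)
    return req


def main(argv: list[str]) -> int:
    report_path = argv[1] if len(argv) > 1 else "retire.json"
    with open(report_path, "rb") as fh:
        report_bytes = fh.read()
    counts = severity_counts(json.loads(report_bytes))  # also proves the artifact is valid JSON
    print(f"uploading {report_path}: {counts or 'no vulnerabilities'}")
    # Assumed CI variable names; keep DD_API_KEY as a masked, protected GitLab CI variable.
    req = import_scan_request(os.environ["DD_URL"], os.environ["DD_API_KEY"],
                              int(os.environ["DD_ENGAGEMENT_ID"]), report_bytes)
    with urllib.request.urlopen(req, timeout=60) as resp:
        print(f"DefectDojo responded {resp.status}: test id {json.load(resp).get('test')}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In the pipeline this runs in the job after `retire --outputformat json --outputpath retire.json`, with `retire.json` also listed under the job's `artifacts:`. Note that every call to import-scan creates a new test in the engagement; for a job that runs on every pipeline, use `/api/v2/reimport-scan/` against an existing test id instead, so findings are updated and closed rather than duplicated.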
Technologies: ZAP, GitLab CI, Docker, AWS
Description: A GitLab CI pipeline that deploys to test and prod environments, with a DAST job that:
a. runs automated ZAP scans against the Docker application deployed on an EC2 instance
b. fails the ZAP job for security findings above the warning severity level
c. exports the ZAP scan results as a pipeline artifact
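An added example of steps a to c as a single gate script, written here rather than taken from the poster's pipeline or from the ZAP project. It runs `zap-baseline.py` from the ZAP Docker image against the target URL, writes the JSON and HTML reports into the job directory so GitLab can keep them as artifacts, and then decides the job's exit status from the JSON rather than from zap-baseline's own WARN/FAIL logic. ZAP reports risk as Informational, Low, Medium and High; mapping the post's "warning" level to Low is an assumption, so the threshold is the `ZAP_FAIL_RISK` variable (also assumed) and defaults to Medium. The image tag is an assumption and the report is a constructed sample in ZAP's JSON layout.

```python
#!/usr/bin/env python3
"""DAST gate for a GitLab CI job: run the ZAP baseline scan in Docker, keep the reports as
artifacts, and fail the job when any alert reaches the configured risk level."""
import json
import os
import subprocess
import sys

ZAP_IMAGE = "ghcr.io/zaproxy/zaproxy:stable"   # assumed image tag
REPORT_JSON = "zap-report.json"
REPORT_HTML = "zap-report.html"
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}  # ZAP riskcode values

# Constructed sample in the layout of ZAP's JSON report (-J); not output from a real scan.
SAMPLE_ZAP_REPORT = {
    "@version": "2.14.0",
    "site": [{
        "@name": "http://app.example:8080",
        "alerts": [
            {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "1", "confidence": "2", "count": "4"},
            {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
             "riskcode": "3", "confidence": "2", "count": "1"},
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "confidence": "2", "count": "6"},
        ],
    }],
}


def zap_baseline_command(target_url: str, workdir: str) -> list[str]:
    """zap-baseline.py writes its reports into /zap/wrk, bind-mounted from the job directory.
    -I stops zap-baseline from failing on its own WARN level; this script decides from the JSON."""
    return ["docker", "run", "--rm", "-v", f"{workdir}:/zap/wrk/:rw", ZAP_IMAGE,
            "zap-baseline.py", "-t", target_url, "-J", REPORT_JSON, "-r", REPORT_HTML, "-I"]


def alerts_at_or_above(report: dict, min_risk: int) -> list[dict]:
    """Flatten every site's alerts and keep those whose riskcode is >= min_risk."""
    hits = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            risk = int(alert.get("riskcode", 0))
            if risk >= min_risk:
                hits.append({"plugin": alert.get("pluginid"),
                             "name": alert.get("alert") or alert.get("name"),
                             "risk": RISK_NAMES.get(risk, str(risk)),
                             "count": int(alert.get("count", 0))})
    return hits


def gate(report: dict, min_risk: int = 2) -> int:
    """Job exit status: 1 if any alert is at or above min_risk (default 2 = Medium), else 0."""
    hits = alerts_at_or_above(report, min_risk)
    for h in hits:
        print(f"FAIL {h['risk']:<13} {h['count']:>3}x  {h['name']} (plugin {h['plugin']})")
    return 1 if hits else 0


def main(argv: list[str]) -> int:
    if len(argv) != 2:
        print("usage: zap_gate.py <target-url>", file=sys.stderr)
        return 2
    min_risk = int(os.environ.get("ZAP_FAIL_RISK", "2"))  # assumed CI variable: 1 Low, 2 Medium, 3 High
    proc = subprocess.run(zap_baseline_command(argv[1], os.getcwd()))
    if proc.returncode not in (0, 1, 2):
        # 3 (or a docker failure) means the scan itself did not complete: fail closed, never report "clean"
        print(f"zap-baseline did not complete (exit {proc.returncode})", file=sys.stderr)
        return 2
    with open(REPORT_JSON, encoding="utf-8") as fh:
        return gate(json.load(fh), min_risk)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The job's `artifacts:` section lists `zap-report.json` and `zap-report.html` (with `when: always`, so the reports survive a failed gate). The bind mount assumes a shell executor or a runner where the job directory is visible to the Docker daemon; with docker-in-docker the path has to be one the daemon can see. Treating a scan that did not finish as a failure matters here: a pipeline that goes green because ZAP could not reach the EC2 instance is worse than one that fails loudly.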