This code is a copy of a tutorial from GitHub. It contains INTENTIONAL security findings, but none of them are active. This is for EDUCATION purposes.
- Create a workflow file
- EXIT : the workflow must PASS and echo the content of hello_world.txt
- Workflow code
- URL of the BUILD (https://github.com/...../actions/runs/12098085715)
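One way the exercise-1 workflow can look, as an added example (it is not the tutorial's own workflow file). It assumes the file is saved under `.github/workflows/` and that `hello_world.txt` is committed at the repository root; the job name `hello` and the workflow name are made up for the example:

```yaml
# Added example for exercise 1 (not from the original tutorial).
# Assumes hello_world.txt is committed at the repository root.
name: hello-world

on:
  push:
  workflow_dispatch:

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  hello:
    runs-on: ubuntu-latest
    steps:
      # Without this step the runner's workspace is empty and the cat fails,
      # which is the most common reason this exercise does not PASS.
      - uses: actions/checkout@v4

      - name: Echo the content of hello_world.txt
        run: cat hello_world.txt
```

Once the file is pushed, the run appears under the repository's Actions tab and its URL is the one to report as the BUILD URL. Pinning `actions/checkout` to a full commit SHA instead of the `v4` tag is the safer choice for a real project; a tag can be moved, a SHA cannot.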
- Create a new workflow file
- The workflow must build (npm build) the application in 1 step and execute tests (npm test) in another
- EXIT : All workflow RUNS need to be passing
- Workflow code
- URL of the BUILD (https://github.com/...../actions/runs/12098085715)
This exercise is NOT in the previous tutorial but is based on the previous exercise. The goal is to run an SCA (software composition analysis), find vulnerabilities and fix them.
- Update the workflow from exercise 2
- The workflow must execute an SCA to find vulnerabilities in dependencies
- The code needs to be fixed to update (or remove) the vulnerable dependency
- EXIT : All workflow RUNS need to be passing
- Workflow code
- URL of the BUILD (https://github.com/...../actions/runs/12098085715)
- SCA finding (dependency name and version)
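A single workflow that covers both exercise 2 (build in one step, test in another) and exercise 3 (an SCA step on the same project), as an added example rather than the tutorial's own file. It assumes a Node.js project whose `package.json` defines `build` and `test` scripts (so `npm run build` is used for the build step) and that a `package-lock.json` is committed, which `npm ci` requires; the workflow and job names are made up for the example:

```yaml
# Added example for exercises 2 and 3 (not from the original tutorial).
# Assumes package.json has "build" and "test" scripts and that
# package-lock.json is committed (npm ci refuses to run without it).
name: build-test-sca

on:
  push:
  pull_request:

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm

      - name: Install dependencies
        run: npm ci

      # Exercise 2: build in one step ...
      - name: Build
        run: npm run build

      # ... and run the tests in another, so the logs show which one failed.
      - name: Test
        run: npm test

  sca:
    # Exercise 3: software composition analysis of the installed dependency tree.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
      - name: Install dependencies
        run: npm ci

      # npm audit exits non-zero when any dependency at or above the chosen
      # severity has a known advisory, so this job (and the run) stays red
      # until the dependency is updated or removed. The advisory output names
      # the package and version to report as the SCA finding.
      - name: Dependency audit (SCA)
        run: npm audit --audit-level=high
```

The audit runs as its own job so that a vulnerable dependency is reported even when the build and tests pass. `--audit-level=high` makes the job fail only on high and critical advisories; lowering it to `moderate` or `low` widens what counts as a finding. After fixing the dependency (for example with `npm update <package>` or by removing it), re-run the workflow and confirm every job is green before taking the BUILD URL.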
This exercise is NOT in the previous tutorial but is based on the previous exercise. The goal is to run a SAST (static application security testing) scan, find a vulnerability and fix it.
- Update or create a new workflow
- The workflow must execute a SAST to find issues in code
- The code needs to be fixed to remove the finding
- EXIT : All workflow RUNS need to be passing
- Workflow code
- URL of the BUILD (https://github.com/...../actions/runs/12098085715)
- SAST finding (file + line + CWE)
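One way to add the SAST step for exercise 4 using GitHub's CodeQL action, as an added example and not the tutorial's own workflow. It assumes the project is JavaScript (CodeQL needs no build step for that language) and that code scanning is available for the repository, which it is on public repositories; the workflow and job names are made up:

```yaml
# Added example for exercise 4 (not from the original tutorial).
# Assumes a JavaScript project. The analyze step uploads results to the
# repository's Security tab, which requires security-events: write.
name: sast-codeql

on:
  push:
  pull_request:

permissions:
  contents: read
  security-events: write

jobs:
  codeql:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: javascript

      # JavaScript is analyzed directly from source, so no build step is
      # needed here. Each alert in the Security tab (Code scanning) carries
      # the file, the line and the CWE tag needed for the SAST finding.
      - name: Run CodeQL analysis
        uses: github/codeql-action/analyze@v3
```

The alerts show up under Security > Code scanning rather than in the job log; open the alert to get the file, line and CWE for the report, fix the code, and push again so the alert closes on the next run. On private repositories code scanning needs GitHub Advanced Security to be enabled, otherwise the analyze step cannot upload its results.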