Questions tagged [devsecops]
41 questions
0 votes, 1 answer
How can a Rego script call a shell script?
I'd like to call a shell script from within a Rego script.
How can I do it?
The Rego built-in functions don't seem to help.

Elifarley
0 votes, 1 answer
JFrog Xray integration with existing instance of Artifactory
Artifactory instance up and running and in use on Windows 2012R2 (Server A). Is it possible to link this (Artifactory) with a new Xray installation on a Linux server (Server B)? Any steps available in the existing documentation to do this? Please…

Srinivas Charan Mamidi
0 votes, 1 answer
JFrog Xray installation on Windows server
I have JFrog Artifactory installed and up and running on Windows 2012 R2. Now I want to install JFrog Xray on the same server and link it with the existing Artifactory instance. Is it possible?
As per JFrog documentation, XRay installer available only…

Srinivas Charan Mamidi
0 votes, 1 answer
Using BeyondTrust for DevSecOps
What is the main difference between BeyondTrust Password Safe and DevOps Secrets Safe? My understanding is that BeyondTrust Password Safe can be used to save code and tool passwords from the DevOps process, so why would I need DevOps Secrets…

Roro
0 votes, 1 answer
GitHub Actions OWASP ZAP full vs API scan
Is the API scan included in the full scan for the OWASP ZAP Action Full Scan for GitHub Actions? I need to know if I need to include a separate scan for APIs, or if it's already covered by the full scan.

Itay Gurvich
0 votes, 1 answer
Upload Trivy result.json file to DefectDojo
I am using trivy to do docker scanning and then saving the output into result.json file. Now I am trying to send the file to DefectDojo to visualize it there, how can I do that?
user16133873
0 votes, 1 answer
Quay Clair - Could not get an output on scanning the container images
I'm new to the container security concept. I would like to find the vulnerabilities in the Container images using Quay Clair.
Note: I already tried the container vulnerability scanning using Anchore Engine (which is very straightforward); however,…

Lingom KSR
0 votes, 1 answer
How to overwrite DevSec Inspec baseline controls
Question:
(How) Is it possible to "overwrite" InSpec controls (specifically in the DevSec InSpec Baselines)?
I don't want to rewrite a whole InSpec definition, just specific controls in a control-file.
Background:
I regularly pull the current…

MacMartin
0 votes, 1 answer
Run security checks before running Azure Pipeline CI on public PR
I have a public repo. Random GitHub users are free to create pull requests, and this is great.
My CI pipeline is described in a normal file in the repo called pipelines.yml (we use Azure pipelines).
Unfortunately this means that a random GitHub user…

sscarduzio
0 votes, 0 answers
AzSK scan asking for user choice in pipeline
I am facing the below issue in the AzSK_SVTs release pipeline:
Framework\Abstracts\CommandBase.ps1:250 char:22
$userChoice = Read-Host "Continue (Y/N)"
~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Read-Host],…

Swapnil S.
0 votes, 1 answer
Force All Jenkins Pipelines to Call Function?
I work at a company with hundreds of Jenkins pipelines defined.
We have a set of scans we want every pipeline to run (SonarQube, Checkmarx, Blackduck, etc). Is there a way that I can write a function that is automatically called at the end of every…

ArtOfWarfare