Skip to content

TandilSec/DevSecOps-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
djangoapp
djangoapp
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 

Repository files navigation

Introduccion

Charla de Seguridad en optativa DevOps 2018 - UNICEN

Aplicacion base

mkvirtualenv --python=python3.6 djangoapp
pip install --upgrade pip setuptools wheel Django==2.1.3

django-admin startproject djangoapp

nano requirements.txt

  Django==2.1.3
  gunicorn==19.9.0

nano Dockerfile

  FROM python:3.6-alpine

  ADD . /usr/src/app
  WORKDIR /usr/src/app

  COPY requirements.txt ./

  RUN pip install --no-cache-dir -r requirements.txt

  EXPOSE 8000

  CMD exec gunicorn djangoapp.wsgi:application --bind 0.0.0.0:8000 --workers 3

docker build -t django_app_image .

docker run --name django_app -p 8000:8000 -i -t django_app_image

Chequeo de dependencias

docker pull owasp/dependency-check
docker run -i --volume dependency-check-data:/usr/share/dependency-check/data --volume "$(pwd)":/src owasp/dependency-check --scan /src --project "Test"

Analisis dinamico de codigo

docker pull owasp/zap2docker-stable
docker run -i owasp/zap2docker-stable zap-baseline.py -t http://172.17.0.2:8000/
docker run -i owasp/zap2docker-stable zap-cli quick-scan --self-contained --start-options '-config api.disablekey=true' http://172.17.0.2:8000/

Chequeo de seguridad de contenedor

Instalar clair-scanner

go get -u github.com/golang/dep/cmd/dep
git clone https://github.com/arminc/clair-scanner.git src/clair-scanner/
cd src/clair-scanner/ && make ensure && make build

Lanzar una instancia de Clair y su base de datos

make db
make clair

Analizar la imagen con Clair

./clair-scanner --ip=172.17.0.1 django_app_image

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages