OWASP Dependency Check | SCA Tools

  • Published 29 Dec 2020
  • This video covers what SCA is, what OWASP Dependency-Check is, what the OWASP Top 10 vulnerabilities are, and how to integrate OWASP Dependency-Check into an Azure pipeline.

Comments • 14

  • @rajat420420 1 year ago

    Which are the best SCA tools?

  • @nithin4457 1 year ago

    Really a great video.
    Please, can I know what the input to --scan is? Is it the build location or the source code?

  • @hemantbirdy 3 years ago +1

    Great video, just a few questions:
    Does the data leave the pipeline?
    And if I download Dependency-Check, how can I run scans offline on my system?

    • @thesoftwaredeveloper2307 3 years ago

      Thank you for the comment.
      The data won't leave the pipeline; the tool won't upload your data anywhere. Running the scan locally is very simple: download the command-line tool and run the script mentioned on the page below with the proper inputs:
      jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html
      Refer to the command mentioned under the heading "Windows". If the content helps you, do subscribe to my channel.
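
An added example (not from the video, the commenter, or the Dependency-Check project) of the local/pipeline CLI run discussed in this reply and the experimental-analyzer question further down. Two points the CLI documentation supports and that matter for the "does data leave the pipeline" question: Dependency-Check downloads NVD data into its local database (so a normal run reaches out to NVD), but it never uploads the files it scans; passing `--noupdate` with a pre-synced `--data` directory makes the run fully offline. `--scan` accepts a file or directory path and can be repeated, so for a .NET build you can point it at the compiled output folder, the solution root, or both. The `DC_HOME` and `DC_DATA` paths, the report sample, and the placeholder CVE identifiers are constructed for the example; the JSON report layout is assumed to match the `dependencies[].vulnerabilities[]` structure the tool emits.

```python
"""Run OWASP Dependency-Check from a pipeline step and gate on its JSON report.

Added example, not Dependency-Check's own code. Assumes the CLI is unpacked at
DC_HOME and an already-synced NVD database lives in DC_DATA (both assumptions).
"""
import json
import os
import subprocess
from typing import Dict, List

DC_HOME = os.environ.get("DC_HOME", "/opt/dependency-check")          # assumed layout
DC_DATA = os.environ.get("DC_DATA", "/var/lib/dependency-check/data")  # assumed path


def build_command(scan_paths: List[str], report_dir: str, project: str,
                  offline: bool = True, experimental: bool = False,
                  fail_on_cvss: float = 7.0) -> List[str]:
    """Assemble the dependency-check CLI invocation.

    --scan may be repeated and takes a file or directory (build output with
    assemblies and packages.config/.csproj/.nuspec, or the source root).
    --noupdate skips the NVD download and reads only DC_DATA; the scanned
    files are never uploaded in either mode.
    --enableExperimental turns on the experimental analyzers (Python, etc.).
    --failOnCVSS makes the tool exit non-zero when a finding meets the score.
    """
    cmd = [f"{DC_HOME}/bin/dependency-check.sh", "--project", project,
           "--format", "JSON", "--format", "HTML", "--out", report_dir,
           "--data", DC_DATA, "--failOnCVSS", str(fail_on_cvss)]
    if offline:
        cmd.append("--noupdate")
    if experimental:
        cmd.append("--enableExperimental")
    for path in scan_paths:
        cmd += ["--scan", path]
    return cmd


def run_scan(cmd: List[str]) -> int:
    """Execute the CLI; non-zero means a finding met --failOnCVSS (or an error)."""
    return subprocess.run(cmd, check=False).returncode


def findings_above(report_json: str, threshold: float) -> List[Dict]:
    """List vulnerabilities from the JSON report whose CVSS score meets threshold.

    Prefers the CVSS v3 base score and falls back to the v2 score when an
    entry has no v3 data, so old NVD records are not silently dropped.
    """
    report = json.loads(report_json)
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            score = (vuln.get("cvssv3") or {}).get("baseScore")
            if score is None:
                score = (vuln.get("cvssv2") or {}).get("score", 0.0)
            if score >= threshold:
                hits.append({"file": dep.get("fileName"), "cve": vuln.get("name"),
                             "score": score, "severity": vuln.get("severity")})
    return sorted(hits, key=lambda h: -h["score"])


def build_passes(report_json: str, threshold: float) -> bool:
    """Pipeline gate: True when no finding reaches the threshold."""
    return not findings_above(report_json, threshold)


# Constructed sample report shaped like dependency-check's JSON output.
# CVE-EXAMPLE-* are placeholders, not real identifiers.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-web.dll", "vulnerabilities": [
            {"name": "CVE-EXAMPLE-0001", "severity": "CRITICAL", "cvssv3": {"baseScore": 9.8}},
            {"name": "CVE-EXAMPLE-0002", "severity": "LOW", "cvssv3": {"baseScore": 3.1}}]},
        {"fileName": "legacy-parser.jar", "vulnerabilities": [
            {"name": "CVE-EXAMPLE-0003", "severity": "HIGH", "cvssv2": {"score": 7.5}}]},
        {"fileName": "clean-lib.dll"},
    ]
})

if __name__ == "__main__":
    cmd = build_command(["bin/Release", "."], "dependency-check-report", "my-app",
                        offline=True, experimental=False)
    print(" ".join(cmd))
    for hit in findings_above(SAMPLE_REPORT, 7.0):
        print(f"{hit['severity']:8} {hit['score']:4} {hit['cve']} in {hit['file']}")
    print("gate passes:", build_passes(SAMPLE_REPORT, 7.0))
```

In an Azure Pipelines step you would run `build_command(...)` through `run_scan` and publish `dependency-check-report/` as an artifact; `findings_above` is useful when you want the failing CVEs listed in the log rather than only the exit code `--failOnCVSS` gives you.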

  • @azeemkhan47 1 year ago +1

    Hello buddy, great video. Can you also create a tutorial on OWASP ZAP and its integration into an Azure pipeline?

  • @sankarbrahma5489 2 years ago +1

    How can we perform an incremental scan, or scan only the modified files, in a CI/CD pipeline?

    • @thesoftwaredeveloper2307 2 years ago

      Sorry for the delayed response; you could try integrating the Sonar scan into the pull request. That will make sure the scan is performed on the files that were modified.

  • @tst1ng450 3 years ago

    How can I do a dependency check for Python files? Do you have a plugin to add to the XML file?

    • @thesoftwaredeveloper2307 3 years ago

      Thank you for your comment.
      For Python files, OWASP Dependency-Check provides an experimental analyzer; the information is on the page below:
      jeremylong.github.io/DependencyCheck/analyzers/index.html
      And the page below lists the settings we need to enable for the experimental analyzer:
      jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html
      Do let me know if it helps.
      Also, if you find the content informative, do subscribe to my channel.

  • @dawidapolinarski4077 2 years ago +1

    Hi, great video. How can I scan all types of files, not only .csproj?
    Thank you!

    • @thesoftwaredeveloper2307 2 years ago

      I think if you provide the root location for the scan, it goes on to scan all files; let me know if you try it.

    • @dawidapolinarski4077 2 years ago

      @thesoftwaredeveloper2307 I have no idea. I want to scan all files, all extensions. Any idea?

  • @jesusabcdefghijklmnopqrstu2699 2 years ago +1

    You suck at explaining. What is all the configuration needed to get the report?