From ac2dad8419359ded377a1fbeaa7e876520c7820d Mon Sep 17 00:00:00 2001 From: lvainio Date: Mon, 16 Sep 2024 17:20:32 +0200 Subject: [PATCH 1/3] chore: add executable tutorial proposal --- .../executable-tutorial/lvainio/README.md | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 contributions/executable-tutorial/lvainio/README.md diff --git a/contributions/executable-tutorial/lvainio/README.md b/contributions/executable-tutorial/lvainio/README.md new file mode 100644 index 0000000000..e11285c60a --- /dev/null +++ b/contributions/executable-tutorial/lvainio/README.md @@ -0,0 +1,25 @@ +# Assignment Proposal + +## Title + +SAST in go using gosec + +## Names and KTH ID + +- Leo Vainio (lvainio@kth.se) + +## Deadline + +- Task 2 + +## Category + +- Executable Tutorial + +## Description + +To make the tutorial I will use Killercoda. Gosec is a security scanner for the go language which identifies common vulnerabilities. My idea is to create a mock project in go that contains some vulnerabilities and then show in the tutorial how gosec can be used to identify these vulnerabilities. I will show how gosec is installed and will give some different examples on how to use it. I might also show how it can be integrated with GitHub Actions. + +**Relevance** + +Detecting vulnerabilities as soon as new code is commited to the code base is great since it is often easier and cheaper to fix these issues when they are found early. Scanning the source code for known vulnerabilities, which is what gosec does, is one way to detect security issues early on. Having security integrated in the DevOps workflow also alleviates the potential bottleneck of having a completely separate security team having to review each new update. \ No newline at end of file From 9c7bccd6560e1d9b1df2718f6bb84c1cf7a4145c Mon Sep 17 00:00:00 2001 
From: lvainio Date: Mon, 16 Sep 2024 17:21:42 +0200 Subject: [PATCH 2/3] chore: fix --- contributions/executable-tutorial/lvainio/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contributions/executable-tutorial/lvainio/README.md b/contributions/executable-tutorial/lvainio/README.md index e11285c60a..427f70443d 100644 --- a/contributions/executable-tutorial/lvainio/README.md +++ b/contributions/executable-tutorial/lvainio/README.md @@ -22,4 +22,4 @@ To make the tutorial I will use Killercoda. Gosec is a security scanner for the **Relevance** -Detecting vulnerabilities as soon as new code is commited to the code base is great since it is often easier and cheaper to fix these issues when they are found early. Scanning the source code for known vulnerabilities, which is what gosec does, is one way to detect security issues early on. Having security integrated in the DevOps workflow also alleviates the potential bottleneck of having a completely separate security team having to review each new update. \ No newline at end of file +Detecting vulnerabilities as soon as new code is commited to the code base is great since it is often easier and cheaper to fix these issues when they are found early. Scanning the source code for known vulnerabilities, which is what gosec does, is one way to detect security issues early on. Having security integrated in the DevOps workflow also alleviates the potential bottleneck of having a completely separate security team having to review each new update, which could delay deployment. \ No newline at end of file From e923ea2109147c1a946542416d401e7720545b1a Mon Sep 17 00:00:00 2001 From: lvainio Date: Tue, 24 Sep 2024 14:05:00 +0200 Subject: [PATCH 3/3] chore: add member --- contributions/executable-tutorial/lvainio/README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/contributions/executable-tutorial/lvainio/README.md b/contributions/executable-tutorial/lvainio/README.md index 427f70443d..2fc8107d45 100644 --- a/contributions/executable-tutorial/lvainio/README.md +++ b/contributions/executable-tutorial/lvainio/README.md @@ -7,6 +7,7 @@ SAST in go using gosec ## Names and KTH ID - Leo Vainio (lvainio@kth.se) +- Wenqi Cao (wenqic@kth.se) ## Deadline
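Review bot: In the first hunk (`contributions/executable-tutorial/lvainio/README.md`, the new `**Relevance**` paragraph), "commited" should read "committed", and "go" in the title and description ("SAST in go using gosec", "a mock project in go") is the language name and should be capitalised as "Go". The phrase "Scanning the source code for known vulnerabilities, which is what gosec does" overstates what the tool is described as doing earlier in the same hunk ("identifies common vulnerabilities"); gosec matches insecure code patterns in the source, not known vulnerability identifiers in dependencies, so "scanning the source code for common insecure patterns" would be more precise. The file is also created without a trailing newline (`\ No newline at end of file`); please add one.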
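Review bot: The second hunk (commit "chore: fix", `@@ -22,4 +22,4 @@`) rewrites the last sentence of `**Relevance**` but carries the "commited" typo over into the replacement line and again ends without a trailing newline, so both issues survive this fix. The commit subject "chore: fix" does not say what was fixed; something like "docs: clarify deployment impact in relevance section" would make the history readable.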
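Review bot: The third hunk (`@@ -7,6 +7,7 @@`) adds a second member under "## Names and KTH ID", so the heading should become "Names and KTH IDs", and the first-person singular in the description added in the first hunk ("To make the tutorial I will use Killercoda", "My idea is", "I will show") no longer matches a two-person proposal; please change it to "we" in the same change set.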