
Difference between revisions of "OWASP AppSec Pipeline"

m
m (Pipeline - Deliver)
Line 5: Line 5:
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
+
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
  
 
==The OWASP AppSec Rugged DevOps Pipeline Project==
 
==The OWASP AppSec Rugged DevOps Pipeline Project==
Line 21: Line 21:
  
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
 
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
+
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
  
 
== What is the OWASP AppSec Pipeline Project? ==
 
== What is the OWASP AppSec Pipeline Project? ==
Line 30: Line 30:
  
 
[mailto:matt.tesauro@owasp.org Matt Tesauro]<br />
 
[mailto:matt.tesauro@owasp.org Matt Tesauro]<br />
[mailto:aaron.weaver2@gmail.com Aaron Weaver]<br/>
+
[mailto:aaron.weaver2@gmail.com Aaron Weaver]<br />
  
 
== Contributors ==
 
== Contributors ==
  
 
[mailto:adam@parsons.cloud Adam Parsons]<br />
 
[mailto:adam@parsons.cloud Adam Parsons]<br />
[mailto:matt.konda@owasp.org Matt Konda]<br/>
+
[mailto:matt.konda@owasp.org Matt Konda]<br />
  
 
== Related Projects ==
 
== Related Projects ==
Line 42: Line 42:
  
  
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
+
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->| valign="top" style="padding-left:25px;width:200px;" |
| valign="top" style="padding-left:25px;width:200px;" |
 
  
 
== News and Events ==
 
== News and Events ==
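Review bot: The added line in this hunk puts the cell markup `| valign="top" style="padding-left:25px;width:200px;" |` on the same line as the `<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->` comment, so the comment no longer guards the line after it and the cell start depends on the comment being stripped before the `|` is parsed. Keep the cell markup on its own line, as in the Line 5 and Line 21 hunks.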
Line 54: Line 53:
  
 
==Classifications==
 
==Classifications==
 
  
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"
 
   |-
 
   |-
   | align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
+
   | rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
   | align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]]   
+
   | align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]]   
 
   |-
 
   |-
   | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
+
   | align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=]]
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]  
+
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]  
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br /> <br />[[File:Project_Type_Files_CODE.jpg|link=]]<br /> <br />[[File:Project_Type_Files_TOOL.jpg|link=]]
+
   | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]<br /> <br />[[File:Project_Type_Files_CODE.jpg|link=]]<br /> <br />[[File:Project_Type_Files_TOOL.jpg|link=]]
 
   |}
 
   |}
  
 
|}
 
|}
 
  
 
=Pipeline Tools=
 
=Pipeline Tools=
Line 136: Line 133:
 
'''Recommended Tools'''
 
'''Recommended Tools'''
 
A complete listing of tools and review will be in the Pipeline Tools section.
 
A complete listing of tools and review will be in the Pipeline Tools section.
*[https://github.com/PearsonEducation/bag-of-holding Bag of Holding ]: An application security utility to assist in the organization and prioritization of software security activities.
+
*[https://github.com/PearsonEducation/bag-of-holding Bag of Holding] : An application security utility to assist in the organization and prioritization of software security activities.
 
**Dashboard showing entire application portfolio and last assessment date
 
**Dashboard showing entire application portfolio and last assessment date
 
**Applications requiring assessments
 
**Applications requiring assessments
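Review bot: In the Bag of Holding bullet, moving the trailing space out of the link label leaves `Bag of Holding] :` with a space before the colon; drop that space so the rendered text reads "Bag of Holding:".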
Line 196: Line 193:
 
=Milestones=
 
=Milestones=
  
===AppSec ToolBox Release===
+
===AppSec Plugin Index Initial Release ===
*Release AppSec ToolBox and Call for PR: October 30, 2016
+
*Release AppSec ToolBox and Call for PR: January 10, 2017
  
 
===Docker AppSec Pipeline Release===
 
===Docker AppSec Pipeline Release===
*Preview Release: October 17, 2016
+
*Beta Release: January 10, 2017
  
 
=FAQs=
 
=FAQs=
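Review bot: The renamed heading `===AppSec Plugin Index Initial Release ===` no longer matches its bullet, which still reads "Release AppSec ToolBox and Call for PR"; use one name in both. The heading also has a space before the closing `===` but none after the opening one, unlike `===Docker AppSec Pipeline Release===` below it.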
Line 217: Line 214:
 
Besides the project leaders, contributions have been made by:
 
Besides the project leaders, contributions have been made by:
  
* [https://github.com/aparsons Adam Parsons] - Bag of Holding
+
*  
* Matt Brown - suggestions and review of Bag of Holding
 
* Lee Thurlow - suggestions and review of Bag of Holding
 
  
 
= Getting Involved =
 
= Getting Involved =
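Review bot: The Adam Parsons entry under "Besides the project leaders, contributions have been made by:" is replaced with a bare `*`, which leaves an empty list item, and the Matt Brown and Lee Thurlow lines have no counterpart on the new side. Either restore the credits or remove the introductory sentence along with the empty bullet.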

Revision as of 14:40, 11 December 2017


The OWASP AppSec Rugged DevOps Pipeline Project

The OWASP AppSec Rugged DevOps Pipeline Project is the place to find the information you need to increase the speed and automation of your AppSec program. Using the sample implementation, documentation and references of this project will allow you to set up your own AppSec Pipeline.

Description

The AppSec Pipeline project is a place to gather together information, techniques and tools to create your own AppSec Pipeline. AppSec Pipelines take the principles of DevOps and Lean and apply them to an application security program. The project will gather references, code, and specific guidance for tools/software which would compose an AppSec Pipeline.

Licensing

The OWASP AppSec Pipeline Project documentation is licensed under the Creative Commons Attribution-ShareAlike 3.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

What is the OWASP AppSec Pipeline Project?

The AppSec Pipeline project is a place to gather together information, techniques and tools to create your own AppSec Pipeline.

Project Leaders

Matt Tesauro
Aaron Weaver

Contributors

Adam Parsons
Matt Konda

Related Projects

OWASP_Web_Testing_Environment_Project


News and Events

AppSecUS 2016 AppSec++ Take the best of Agile, DevOps and CI/CD into your AppSec Program

In Print

Building an AppSec Pipeline
Taking DevOps practices into your AppSec Life

Classifications

[Classification badges: New projects (Incubator), Breakers, Defenders, CC BY-SA 3.0; project types: DOC, CODE, TOOL]