ZAP Baseline Scan | ZAP Full Scan | ZAP API Scan |
---|---|---|
[](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"hapi OWASP+ZAP+Baseline+Scan"+in:title) | [](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"hapi OWASP+ZAP+Full+Scan"+in:title) | [](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"hapi OWASP+ZAP+API+Scan"+in:title) |
[](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"bank OWASP+ZAP+Baseline+Scan"+in:title) | [](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"bank OWASP+ZAP+Full+Scan"+in:title) | |
[](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"gql OWASP+ZAP+Baseline+Scan"+in:title) | [](https://github.com/apcj-f5/nap-devsecops-demo/issues?q=is:issue+is:open+"gql OWASP+ZAP+Full+Scan"+in:title) |
This repository hosts files that demonstrate using F5 security solutions (NGINX App Protect, NGINX App Protect DoS, F5 Distributed Cloud) for post-deployment security in application CI/CD pipelines.
Integrating security into post-deployment processes as part of Continuous Delivery/Continuous Deployment ensure that applications at runtime have proper controls, and can also be checked for compliance.
This repository aims to follow security recommended practices for opensource software and contains the following:
- OpenSSF Best Practices for projects
- Scorecard for validation of OpenSSF Best Practices
- Github organisation apcj-f5 uses the Allstar application with the following configuration files
The reference implementation uses the HAPI FHIR application. The application provides an example API gateway for digital health use cases. Source code for the application is in the apps directory.
- Website for the live implementation is at https://nap-devsecops-demo
- Build information from ArgoCD for the deployment is at https://build.f5labs.dev
- SAST using Semgrep with the following workflow run details
- Dependency Checking workflow run details and using Renovate for updating dependencies
- Post deployment functional testing using newman to check WAF blocking policy effectiveness and false positives
- Clone or Fork repository
- Ensure pre-commit is installed
local-repo-dir# pre-commit install
local-repo-dir# pre-commit run --all-files
- Any commits now will run the pre-commit hook changes
- Ensure Git commits are signed