49 questions
Score of 3
0 answers
86 views
How to set params from OpenAPI "requestBody"?
I used to start scanning OpenAPI via Nuclei 3.4.10:
nuclei -l openapi.json -im openapi -c 50 -bulk-size 50 -rate-limit 200 -sresp
While scanning Nuclei is using required_openapi_params.yaml variables ...
Score of 0
0 answers
163 views
How can I suppress Dependency-Track findings at the project level automatically (without manual per-finding suppression)?
I’m using OWASP Dependency-Track and I’d like to suppress certain vulnerabilities project-wise automatically. Right now, the only approach I know is to mark each finding as “Suppressed” manually in ...
Score of 0
0 answers
168 views
Cannot connect to PostgreSQL over Cloudflare Tunnel
I’m running into a problem exposing a PostgreSQL database through a Cloudflare Tunnel, and I’m hoping someone with deeper Cloudflare Zero Trust/WARP experience can help me understand what’s going on.
...
Score of 0
1 answer
99 views
DevSecOps pipeline — scans run on test branch, but devs keep pushing to dev/preprod/prod, how to ensure new code is scanned before production?
I’m an intern working in DevSecOps. Our repo uses branches: test, dev, preprod, prod. I’ve set up scans (SAST, container scan, DAST) triggered from the test branch.
But the dev team often pushes ...
Score of 1
1 answer
554 views
Why is the OWASP Dependency Track dashboard empty?
I am new to Dependency Track and I managed to configure it and set it up with the SecOps pipeline. I have a few Node JS test projects configured in Dependency Track which show vulnerabilities, but the ...
Score of 0
1 answer
247 views
How to securely manage secrets in Angular, Firebase, GitLab CI/CD?
I am working on an Angular application deployed on Firebase Hosting. I want to keep my sensitive API keys and tokens secure without exposing them in environment.ts, environment.prod.ts, etc. files. I ...
Score of 1
1 answer
108 views
Chronicle yara-l not failing on IP list
Trying to create a rule in Google SecOps (Chronicle) to detect that an unknown user and/or an unknown IP has successfully logged into a server. If a known user logs in from an unknown IP, that should ...
Score of 0
0 answers
132 views
Testkube error while running test against k8s cluster
I created a custom python script to run tests against my k8s cluster components - configmaps, secrets and roles (RBAC). Next I defined a custom executor for python to execute the test. This is as ...
Score of 0
1 answer
121 views
How can I detect azure cloud defender recommendations early?
Is there a good way to prevent defender for cloud recommendations/warnings before doing changes?
Defender for DevOps usually deals with SAST scanning on repos, but the warnings I'm interested in ...
Score of 0
1 answer
494 views
Snyk container monitor target name is not showing an IMAGE_TAG
Wanted to ask a question about the Snyk CLI container monitor of a Docker image. So we got a Docker image, for example reponame/image_name:image_tag. We are monitoring this image from the CLI like snyk container ...
Score of -1
1 answer
226 views
GitLab merge request - custom container scan report
I am trying to add a custom scan report for report type "container_scanning" with the goal of displaying the results inside the merge request. The Container image will be scanned using trivy....
Score of 0
0 answers
92 views
Deploying React with Github actions
Need advice on DevSecOps best practices for building a CI/CD pipeline using GitHub Actions and Terraform to deploy to ACR on Azure.
I tried to search and found only high-level practices.
If there is an ...
Score of 1
2 answers
2032 views
Snyk doesn't check vulnerabilities in main code files
I added my github projects to snyk.io portal to check vulnerabilities. Sadly, snyk is only checking files ending with the .json, .yml, .txt etc. It's not checking vulnerabilities in typescript, js, ...
Score of 0
1 answer
132 views
How does Fortify calculate the "estimated remediation effort" score?
How does Fortify calculate the estimated remediation effort score?
On page 129 of this document, the product manual says what the score is and what it means, but it does not provide any clue on how ...
Score of 1
0 answers
540 views
Webflow: host security.txt at .well-known
How can I host a /.well-known/security.txt file in Webflow?
I tried to set up a 301 redirect from /.well-known/security.txt to another path, but I get the error:
Invalid .well-known request
Does ...