This workshop will focus on automating software composition analysis, static application security testing and dynamic application security testing using GitHub Actions. After a brief introduction covering the different types of application security and the importance of finding security vulnerabilities before they hit production, we'll dive into a hands-on session where users will add three different security testing tools to their build pipelines.
JS Security Testing in GitHub Actions
- Intro (3 minutes)
- Use GitHub Actions to automatically build a Node application (29 minutes)
- Add Dependabot to scan the app's dependencies for known vulnerabilities (8 minutes)
- Add CodeQL to scan the app's codebase for vulnerabilities (13 minutes)
- Add StackHawk to dynamically scan the running app for vulnerabilities (about 1 hour)