forked from ShiftLeftSecurity/tarpit-java
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathshiftleft.yml
51 lines (51 loc) · 1.3 KB
/
shiftleft.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# Build rules compares PR branch check-analysis scan against
# the main branch and break if anything new is found
source:
branch: main
build_rules:
- id: no-new-high-vulns-or-secrets
finding_types:
- vuln
- secrets
severity:
- SEVERITY_HIGH_IMPACT
# - id: build-rule-enchalada
# - vuln
# - secret
# - insight
# severity:
# - SEVERITY_HIGH_IMPACT # or "critical"
# - SEVERITY_MEDIUM_IMPACT # or "moderate"
# - SEVERITY_LOW_IMPACT # or "info"
# type:
# - Cookie Injection
# - Deserialization
# - Directory traversal
# - File Write
# - Insecure Cookie
# - LDAP Injection
# - Mail Injection
# - Mass Assignment
# - NoSQL Injection
# - Open Redirect
# - Remote Code Execution
# - Sensitive Data Leak
# - Session Injection
# - SQL Injection
# - TLS checks are disabled
# - Usage of insecure API
# - Weak Hash
# - XML InjectionXPath Injection
# - XPath Injection
# - XSS
# - XXE
# owasp_category:
# - a1-injection
# - a2-broken-authentication
# - a3-sensitive-data-exposure
# - a4-xxe
# - a5-broken-access-control
# - a6-security-misconfiguration
# - a7-cross-site-scripting
# - a7-xss
# - a8-deserialization