{"id":15410555,"url":"https://github.com/damienbod/endtoendsecurity","last_synced_at":"2025-04-19T04:18:55.105Z","repository":{"id":236228952,"uuid":"792175232","full_name":"damienbod/EndToEndSecurity","owner":"damienbod","description":"End to end security of a web application","archived":false,"fork":false,"pushed_at":"2025-01-01T17:02:29.000Z","size":1871,"stargazers_count":10,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-29T06:51:16.429Z","etag":null,"topics":["aspnetcore","dotnet","oauth","oidc","openidconnect","sonar","sonarcloud"],"latest_commit_sha":null,"homepage":"https://damienbod.com/2024/05/13/using-sonarcloud-with-asp-net-core-angular-and-github-actions/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/damienbod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-04-26T06:08:49.000Z","updated_at":"2025-01-01T17:02:32.000Z","dependencies_parsed_at":"2024-05-29T18:12:16.680Z","dependency_job_id":"6c70abdc-7acb-44fc-abba-5f7c7bf6a9ef","html_url":"https://github.com/damienbod/EndToEndSecurity","commit_stats":{"total_commits":62,"total_committers":1,"mean_commits":62.0,"dds":0.0,"last_synced_commit":"7e44e5fd98bf024d7868c7a6c95b2779b8e5e9e1"},"previous_names":["damienbod/endtoendsecurity"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FEndToEndSecurity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/da
mienbod%2FEndToEndSecurity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FEndToEndSecurity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/damienbod%2FEndToEndSecurity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/damienbod","download_url":"https://codeload.github.com/damienbod/EndToEndSecurity/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249191329,"owners_count":21227545,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aspnetcore","dotnet","oauth","oidc","openidconnect","sonar","sonarcloud"],"created_at":"2024-10-01T16:44:59.421Z","updated_at":"2025-04-19T04:18:55.077Z","avatar_url":"https://github.com/damienbod.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# End to end security of a web application\r\n\r\n[![.NET and npm build](https://github.com/damienbod/EndToEndSecurity/actions/workflows/dotnet.yml/badge.svg)](https://github.com/damienbod/EndToEndSecurity/actions/workflows/dotnet.yml)\r\n[![SonarCloud](https://github.com/damienbod/EndToEndSecurity/actions/workflows/sonarbuild.yml/badge.svg)](https://github.com/damienbod/EndToEndSecurity/actions/workflows/sonarbuild.yml)\r\n\r\n[![Quality Gate 
Status](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=alert_status)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=bugs)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=code_smells)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=coverage)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=duplicated_lines_density)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=ncloc)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=reliability_rating)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=security_rating)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=sqale_index)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Maintainability 
Rating](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=sqale_rating)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=damienbod_EndToEndSecurity\u0026metric=vulnerabilities)](https://sonarcloud.io/summary/overall?id=damienbod_EndToEndSecurity)\r\n\r\n[Using SonarCloud with ASP.NET Core, Angular and github actions](https://damienbod.com/2024/05/13/using-sonarcloud-with-asp-net-core-angular-and-github-actions/)\r\n\r\nWebinar:\r\n\r\nhttps://www.youtube.com/watch?v=6cdV-oN_Yao\r\n\r\n## Setup and docs\r\n\r\nhttps://github.com/damienbod/bff-aspnetcore-angular\r\n\r\n![BFF production](https://github.com/damienbod/EndToEndSecurity/blob/main/images/bff-arch-production_01.png)\r\n\r\n## Webinar Agenda\r\n\r\n- Application setup development/production \r\n\t- [ASP.NET Core/Angular](https://github.com/damienbod/bff-aspnetcore-angular)\r\n\t- Secrets\r\n- Authentication\r\n\t- [OpenID Connect Code flow confidential client](https://github.com/damienbod/EndToEndSecurity/blob/main/images/OIDC%20Code%20flow.md)\r\n\t- [PKCE](https://github.com/damienbod/EndToEndSecurity/blob/main/images/PKCE.md)\r\n- Microsoft Entra ID \r\n\t- Microsoft.Identity.Web\r\n\t- Microsoft Graph 5 for profile data\r\n\t- Profile data in UI (UserController)\r\n- Session protection\r\n- CI/CD \r\n\t- [build](.github/workflows/dotnet.yml)\r\n\t- [deployment](.github/workflows/azure-webapps-dotnet-core.yml)\r\n- CI/CD Quality (SonarCloud)\r\n\t- [quality (SonarCloud and GitHub Actions)](.github/workflows/sonarbuild.yml)\r\n\t- Analysis for different technical stacks (.csproj)\r\n\t- sonar badges, build badges\r\n\r\n## Other topics\r\n\r\n- What's missing for a production setup?\r\n\t- infrastructure automation (Terraform/Bicep)\r\n\t- authorization\r\n\t- data requirements\r\n\r\n## Angular nx Updates\r\n\r\n```\r\nnx migrate latest\r\n\r\nnx migrate
--run-migrations=migrations.json\r\n```\r\n\r\n## History\r\n\r\n- 2025-01-01 .NET 9, Angular 19 \r\n- 2024-10-17 Updated security headers performance, updated packages\r\n- 2024-10-06 Updated Angular 18.2.7, Updated security headers\r\n\r\n## Links\r\n\r\nhttps://docs.sonarsource.com/sonarcloud/getting-started/github/\r\n  \r\nhttps://github.com/rufer7/github-sonarcloud-integration\r\n\r\nhttps://blog.rufer.be/2023/10/06/howto-integrate-sonarcloud-analysis-in-an-azure-devops-yaml-pipeline/\r\n\r\nhttps://community.sonarsource.com/t/code-coverage-report-for-net-not-working-on-linux-agent/62087\r\n\r\nhttps://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-for-net/#analyzing-languages-other-than-c-and-vb\r\n\r\nhttps://andreiepure.ro/2023/08/20/analyze-web-files-with-s4net.html\r\n\r\nhttps://github.com/damienbod/bff-aspnetcore-angular\r\n\r\nhttps://community.sonarsource.com/t/webinar-end-to-end-security-in-a-web-application/115405\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Fendtoendsecurity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdamienbod%2Fendtoendsecurity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdamienbod%2Fendtoendsecurity/lists"}