{"id":37298883,"url":"https://github.com/geminishkv/course_labs","last_synced_at":"2026-04-01T22:30:25.962Z","repository":{"id":324623997,"uuid":"1097787672","full_name":"geminishkv/course_labs","owner":"geminishkv","description":"Labs for courses on AppSec, Risk Analysis, Security Champion: Toolchain, Orchestration, CI/CD, UML, etc.","archived":false,"fork":false,"pushed_at":"2026-03-22T00:41:51.000Z","size":10097,"stargazers_count":17,"open_issues_count":0,"forks_count":20,"subscribers_count":1,"default_branch":"develop","last_synced_at":"2026-03-22T14:13:35.174Z","etag":null,"topics":["appsec","appsec-tutorials","bash","bmstu","containersecurity","course","dast","docker","growth-team","lerning-platform","owasp-top-10","python","sast","sca","secretdetection","security","security-team-testing","toolchain","tools","training-materials"],"latest_commit_sha":null,"homepage":"https://geminishkv.github.io/course_labs/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/geminishkv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE.md","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-16T20:27:11.000Z","updated_at":"2026-03-22T00:35:26.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/geminishkv/course_labs","commit_stats":null,"previous_names":["geminishkv/course_labs"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/geminishkv/course
_labs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geminishkv%2Fcourse_labs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geminishkv%2Fcourse_labs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geminishkv%2Fcourse_labs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geminishkv%2Fcourse_labs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/geminishkv","download_url":"https://codeload.github.com/geminishkv/course_labs/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/geminishkv%2Fcourse_labs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T21:15:39.731Z","status":"ssl_error","status_checked_at":"2026-04-01T21:15:34.046Z","response_time":53,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","appsec-tutorials","bash","bmstu","containersecurity","course","dast","docker","growth-team","lerning-platform","owasp-top-10","python","sast","sca","secretdetection","security","security-team-testing","toolchain","tools","training-materials"],"created_at":"2026-01-16T02:43:40.285Z","updated_at":"2026-04-01T22:30:25.947Z","avatar_url":"https://github.com/geminishkv.png","language":"Python","readme":"\u003cdiv align=\"center\"\u003e\n\u003ca href=\"https://github.com/geminishkv/course_labs\"\u003e\n\u003cimg src=\"https://socialify.git.ci/geminishkv/course_labs/image?description=1\u0026language=1\u0026name=1\u0026owner=1\u0026theme=Dark\" alt=\"course_labs\" width=\"640\" /\u003e\n\u003c/a\u003e\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n![Repo Size](https://img.shields.io/github/repo-size/geminishkv/course_labs)![License](https://img.shields.io/github/license/geminishkv/course_labs)![CI](https://img.shields.io/github/actions/workflow/status/geminishkv/course_labs/ci.yml?branch=develop)![Status](https://img.shields.io/badge/status-active-success)![Release](https://img.shields.io/github/v/release/geminishkv/course_labs)![Contributors](https://img.shields.io/github/contributors/geminishkv/course_labs)![Open pull requests](https://img.shields.io/github/issues-pr/geminishkv/course_labs)![Commit Activity](https://img.shields.io/github/commit-activity/m/geminishkv/course_labs)![Last 
commit](https://img.shields.io/github/last-commit/geminishkv/course_labs)\n\n\u003c/div\u003e\n\nA hands-on course in applied application security: from `Git` to a full DevSecOps pipeline.\n\n**What we study:**\n\n* **Infrastructure:** `Git`, `CI/CD`, `Docker`, `Docker Compose`, `GitHub Actions`, `YAML`\n* **Languages:** `Python`, `Shell` (`Java` and `Go` in the context of SCA and dependency analysis)\n* **AppSec tools:** `Semgrep`, `Checkov`, `OWASP Dependency-Check`, `Trivy`, `OWASP ZAP`, `Gitleaks`\n* **Standards:** OWASP Top 10, CIS Benchmarks, CVSS, ISO 27005\n* **Risk analysis:** assessment, prioritization, strategies for reducing information security risks\n\n**How the course is organized:**\n\n* 10 labs + a final pet-project\n* Each lab is a separate repository with source code and a report in `gistup` format\n* All work is done in the `develop` branch → `pull request` → [approve](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review) from [geminishkv](https://github.com/geminishkv)\n* Progression: `Git` → `Linux` → `Nmap` → `Docker` → `CIS Benchmark` → `SAST/SCA` → `DAST` → `Secret Detection` → `CI/CD` → `Risk Analysis`\n\n**Notes:**\n\n* The labs are mandatory for everyone, regardless of skill level\n* Each lab is split into atomic commits so that changes can be tracked\n* The report is submitted individually and defended: every command comes with a description of its flags and the terminal output\n* Reports contain console output, not screenshots\n* Some of the tools require installing additional `open-source` packages\n\n### Stages\n\n1. Complete the preparatory instructions:\n    * [Preparing the working environment](labs/intro/vmbox_tutorial.md): VirtualBox, Linux installation\n    * [Setting up Git, GPG and GitHub CLI](labs/intro/git_setup.md): git config, SSH, GnuPG, gh\n    * [Formatting Gistup reports](labs/intro/gistup_guide.md): format, structure, rules\n2. 
Each repository must contain `.gitignore`, `CODE_OF_CONDUCT`, `CONTRIBUTING`, `LICENSE`, `NOTICE`, `SECURITY`\n3. Complete the labs in order:\n\n-  [ ] lab01 - [GitSCM: preparing the working environment](labs/basic/lab01/README.md)\n-  [ ] lab02 - [*nix: access permissions, SUID, ACL, processes](labs/basic/lab02/README.md)\n-  [ ] lab03 - [Nmap: network scanning, NSE and protecting the results](labs/basic/lab03/README.md)\n-  [ ] lab04 - [Analysis and determination of measures to reduce information security risks](labs/basic/lab04/README.md)\n-  [ ] lab05 - [Docker: containerizing applications](labs/basic/lab05/README.md)\n-  [ ] lab06 - [Docker CIS Benchmark and Trivy](labs/basic/lab06/README.md)\n-  [ ] lab07 - [SAST, SCA and Secret Detection](labs/basic/lab07/README.md)\n-  [ ] lab08 - [DAST: OWASP ZAP and manual testing](labs/basic/lab08/README.md)\n-  [ ] lab09 - [DevSecOps CI/CD pipeline on GitHub Actions](labs/basic/lab09/README.md)\n-  [ ] lab10 - [Information security risk analysis assessment: practice](labs/basic/lab10/README.md)\n\n4. 
Complete the final project:\n\n-  [ ] pet_project - [Individual project: the full AppSec/DevSecOps stack](labs/pet_project/README.md)\n\n***\n\n### Map\n\n```mermaid\nflowchart TD\n    subgraph Intro[\"Подготовка\"]\n        I01[\"VirtualBox \u0026 Linux\"]\n        I02[\"Git, GPG, SSH, gh\"]\n        I03[\"Gistup отчёты\"]\n    end\n\n    subgraph Foundations[\"Основы\"]\n        L01[\"Lab 01 · Git SCM\"]\n        L02[\"Lab 02 · Linux, SUID, ACL\"]\n        L03[\"Lab 03 · Nmap, NSE\"]\n        L04[\"Lab 04 · Risk Analysis\"]\n    end\n\n    subgraph Containers[\"Контейнеризация\"]\n        L05[\"Lab 05 · Docker\"]\n        L06[\"Lab 06 · CIS Benchmark, Trivy\"]\n    end\n\n    subgraph AppSec[\"AppSec Toolchain\"]\n        L07[\"Lab 07 · SAST, SCA, Secret Detection\\nSemgrep · Checkov · Gitleaks\"]\n        L08[\"Lab 08 · DAST\\nOWASP ZAP\"]\n    end\n\n    subgraph DevSecOps[\"DevSecOps\"]\n        L09[\"Lab 09 · CI/CD Pipeline\\nGitHub Actions\"]\n        L10[\"Lab 10 · Risk Analysis · Practice\"]\n    end\n\n    PET[\"Pet Project — индивидуальная работа\"]\n\n    Intro --\u003e Foundations\n    Foundations --\u003e Containers\n    Containers --\u003e AppSec\n    AppSec --\u003e DevSecOps\n    DevSecOps --\u003e PET\n```\n\n***\n\n### Formal requirements\n\n- A single, consistent code style\n- All functions that work with the tree must be in a namespace\n- `README.md` written to match the project's contents\n- `.gitignore` written to match the project's contents\n- `.dockerignore` written to match the project's contents\n- Use a suitable `LICENSE` type for the project, and a `NOTICE`\n- Create and use scripts to automate building the project, examples, tests and packaging\n- Provide a continuous build process for the project using `GitHub Actions`\n- Write the project documentation using **doxygen**\n- Publish the project package to `GitHub Release` on a successful merge of the 
`develop` branch\n- Refactor and maintain the labs as an ongoing process\n- All commands are run strictly from the `terminal/console`, without using the `WebUI`, except when working with tokens, keys and specific settings\n\n***\n\n### Tutorial\n\n* Environment setup\n\n```bash\n$ python3 -m venv .venv\n$ source .venv/bin/activate\n$ pip install -r requirements.txt\n$ python -m mkdocs serve --livereload\n# or\n$ mkdocs serve -a 127.0.0.1:8001 # specify the address explicitly\n```\n\n* Cleaning up the local repository\n\n```bash\n$ rm -rf __pycache__ scripts/__pycache__  # etc.\n$ rm -rf .venv\n$ lsof -i :8000\n$ kill \u003cPID\u003e\n```\n\n* Release\n\n```bash\n$ git tag -a v1.0.0 -m \"v1.0.0\"\n$ git push origin v1.0.0\n\n$ git tag -d v0.1.0                    # delete the local tag\n$ git push origin :refs/tags/v0.1.0   # delete the same tag on GitHub\n```\n\n***\n\n### Structure\n\n```\n├── docs/                          # MkDocs source\n│   ├── index.md                   # Home page\n│   ├── licenses.md                # 41 licenses\n│   ├── appsec_tt.md               # 29 tool classes\n│   ├── APPENDIX.md                # Commands and utilities\n│   ├── troubleshooting.md         # FAQ\n│   ├── glossary.md                # 39 abbreviations\n│   ├── labs/\n│   │   ├── intro/                 # vmbox, git_setup, gistup\n│   │   ├── basic/                 # lab01-10\n│   │   └── pet_project.md\n│   ├── materials/                 # Examples, OWASP Top 10\n│   ├── artifacts/                 # CheatSheets, PDF, assets\n│   ├── stylesheets/               # CSS (tokens, layout, ...)\n│   ├── javascripts/               # JS\n│   └── overrides/                 # main.html, 404.html\n├── labs/\n│   ├── intro/                     # vmbox, git_setup, gistup\n│   ├── basic/                     # lab01-10\n│   └── pet_project/\n├── .github/workflows/\n│   ├── ci.yml                     # Lint → Audit → Build → Deploy\n│   └── release-from-notes.yml\n├── hooks.py  
                     # Sitemap enrichment\n├── mkdocs.yml\n├── requirements.txt\n└── RELEASE_NOTES.md\n```\n\n\u003c!-- legacy tree below kept for reference --\u003e\n\u003c!-- ```\n├── assets\n│   └── logotype\n│       ├── logo.jpg\n│       └── logo2.jpg\n├── CODE_OF_CONDUCT.md\n├── CONTRIBUTING.md\n├── docs\n│   ├── about.md\n│   ├── APPENDIX.md\n│   ├── appsec_tt.md\n│   ├── artifacts\n│   │   ├── assets\n│   │   │   ├── favicon.ico\n│   │   │   ├── logo.png\n│   │   │   └── logotypemd.jpg\n│   │   ├── cheatsheet\n│   │   │   ├── CHEATSHEET_DOCKER.md\n│   │   │   ├── CHEATSHEET_DOCKERIGNORE.md\n│   │   │   ├── CHEATSHEET_GH_CLI.md\n│   │   │   ├── CHEATSHEET_GIT.md\n│   │   │   └── CHEATSHEET_GITIGNORE.md\n│   │   ├── exmpls\n│   │   │   ├── risk-analysis.png\n│   │   │   ├── table1.png\n│   │   │   └── transaction.png\n│   │   ├── owasp\n│   │   │   ├── Authentication.pdf\n│   │   │   ├── Authorization.pdf\n│   │   │   ├── Client-side_Attacks.pdf\n│   │   │   ├── Command_Execution.pdf\n│   │   │   ├── Information_Disclosure.pdf\n│   │   │   ├── Logical_Attacks.pdf\n│   │   │   └── OWASP_Top_10_CICD_Risks.pdf\n│   │   └── ppt\n│   │       └── Лекция_Управление Рисками ИБ_intro.pdf\n│   ├── channel.md\n│   ├── index.md\n│   ├── javascripts\n│   │   ├── custom-title.js\n│   │   └── typewriter-target.js\n│   ├── labs\n│   │   ├── lab01.md\n│   │   ├── lab02.md\n│   │   ├── lab03.md\n│   │   ├── lab04.md\n│   │   ├── lab05.md\n│   │   ├── lab06.md\n│   │   ├── lab07.md\n│   │   ├── lab08.md\n│   │   ├── lab09.md\n│   │   ├── lab10.md\n│   │   └── pet_project.md\n│   ├── licenses.md\n│   ├── materials\n│   │   ├── examples\n│   │   │   ├── exmpl.md\n│   │   │   ├── Multisignature.md\n│   │   │   ├── PrintNightmare.md\n│   │   │   └── RA.md\n│   │   └── OWASPTOP10\n│   │       ├── Authentication.md\n│   │       ├── Authorization.md\n│   │       ├── Client-side Attacks.md\n│   │       ├── Command Execution.md\n│   │       ├── Information Disclosure.md\n│   │       ├── 
Logical Attacks.md\n│   │       └── OWASP_Top_10_CICD_Risks.md\n│   ├── RELEASE_NOTES.md\n│   ├── robots.txt\n│   ├── Security.md\n│   └── stylesheets\n│       ├── burger.css\n│       ├── clipboard.css\n│       ├── footer.css\n│       ├── header.css\n│       ├── layout.css\n│       ├── mobile-logo.css\n│       ├── search.css\n│       ├── sidebar.css\n│       ├── tools-overlay.css\n│       └── typeset.css\n├── eslint.config.js\n├── labs\n│   ├── lab01\n│   │   ├── README.md\n│   │   └── typersteel.py\n│   ├── lab02\n│   │   ├── exmpl_hello.py\n│   │   ├── pygamesteel.py\n│   │   └── README.md\n│   ├── lab03\n│   │   ├── exmp_targets.txt\n│   │   └── README.md\n│   ├── lab04\n│   │   └── README.md\n│   ├── lab05\n│   │   ├── client\n│   │   │   ├── client.py\n│   │   │   ├── Dockerfile\n│   │   │   └── requirements.txt\n│   │   ├── docker-compose.yml\n│   │   ├── README.md\n│   │   ├── server\n│   │   │   ├── app.py\n│   │   │   ├── Dockerfile\n│   │   │   └── requirements.txt\n│   │   └── source\n│   │       ├── Dockerfile\n│   │       ├── hello.py\n│   │       ├── image.tar\n│   │       └── requirements.txt\n│   ├── lab06\n│   │   ├── audit_reports\n│   │   ├── audit.sh\n│   │   ├── config\n│   │   │   └── nginx.conf\n│   │   ├── docker-compose.yml\n│   │   ├── README.md\n│   │   └── vulnerable-app.yml\n│   ├── lab07\n│   │   ├── cheat_check_yuorself.sh\n│   │   ├── docker-compose.yml\n│   │   ├── README.md\n│   │   ├── sast\n│   │   │   ├── checkov-config.yaml\n│   │   │   └── semgrep-rules.yml\n│   │   ├── sca\n│   │   │   ├── dependency-check.sh\n│   │   │   └── pom.xml\n│   │   └── vulnerable-app\n│   │       ├── app.py\n│   │       ├── config.yaml\n│   │       ├── Dockerfile\n│   │       └── requirements.txt\n│   ├── lab08\n│   │   ├── dast\n│   │   │   ├── convert_reports.py\n│   │   │   ├── reports\n│   │   │   ├── zap_scan.sh\n│   │   │   └── zap-baseline.conf\n│   │   ├── docker-compose.yml\n│   │   ├── README.md\n│   │   ├── requirements.txt\n│   │   └── 
vulnerable-app\n│   │       ├── app.py\n│   │       ├── Dockerfile\n│   │       ├── files\n│   │       │   └── secret.txt\n│   │       └── requirements.txt\n│   ├── lab09\n│   │   └── README.md\n│   ├── lab10\n│   │   └── README.md\n│   └── pet_project\n│       └── README.md\n├── LICENSE.md\n├── mkdocs.yml\n├── mypy.ini\n├── NOTICE.md\n├── README.md\n├── RELEASE_NOTES.md\n├── requirements.txt\n├── ruff.toml\n├──  scripts\n│   └── generate_sitemap.py\n├── SECURITY.md\n├── sitemap.xml\n└── stylelint.config.cjs\n``` --\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeminishkv%2Fcourse_labs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgeminishkv%2Fcourse_labs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgeminishkv%2Fcourse_labs/lists"}