{"id":29268563,"url":"https://github.com/gharbiyasmine/securecodebox-penetration-testing","last_synced_at":"2025-07-04T19:39:07.796Z","repository":{"id":261458499,"uuid":"884367753","full_name":"GHARBIyasmine/SecureCodeBox-Penetration-testing","owner":"GHARBIyasmine","description":"Automated penetration testing pipeline using SecureCodeBox, Kubernetes, Helm, and GitHub Actions for streamlined security scanning.","archived":false,"fork":false,"pushed_at":"2024-12-06T22:23:03.000Z","size":144,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-06T23:21:03.433Z","etag":null,"topics":["helm","kind-cluster","kubernetes","proof-of-concept","regression-testing","securecodebox"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GHARBIyasmine.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-06T16:14:09.000Z","updated_at":"2024-12-06T22:23:06.000Z","dependencies_parsed_at":"2024-11-06T17:40:30.319Z","dependency_job_id":"60bcbb90-c53f-4bf6-87ee-98f9779f375c","html_url":"https://github.com/GHARBIyasmine/SecureCodeBox-Penetration-testing","commit_stats":null,"previous_names":["gharbiyasmine/securecodebox-penetration-testing"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/GHARBIyasmine/SecureCodeBox-Penetration-testing","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GHARBIyasmine%2FSecureCodeBox-Penetration-testing","tags_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/repositories/GHARBIyasmine%2FSecureCodeBox-Penetration-testing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GHARBIyasmine%2FSecureCodeBox-Penetration-testing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GHARBIyasmine%2FSecureCodeBox-Penetration-testing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GHARBIyasmine","download_url":"https://codeload.github.com/GHARBIyasmine/SecureCodeBox-Penetration-testing/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GHARBIyasmine%2FSecureCodeBox-Penetration-testing/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263608944,"owners_count":23488095,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["helm","kind-cluster","kubernetes","proof-of-concept","regression-testing","securecodebox"],"created_at":"2025-07-04T19:39:01.574Z","updated_at":"2025-07-04T19:39:07.787Z","avatar_url":"https://github.com/GHARBIyasmine.png","language":null,"readme":"# SecureCodeBox Penetration Testing Pipeline\n\n\n\nThis repository contains a GitHub Actions workflow designed as a proof of concept (POC) for automating penetration tests using [SecureCodeBox](https://www.securecodebox.io/). 
The pipeline demonstrates the practical application of Kubernetes, Helm, and SecureCodeBox scanners to conduct authenticated scans (advanced ZAP scan) on the Juice-Shop demo application.\n\n## Features\n- **Automated Deployment**: Deploys a Kubernetes Kind cluster, SecureCodeBox operator, and Juice-Shop target.\n- **Penetration Testing**: Uses the ZAP-Advanced scanner to perform a full authenticated scan.\n- **Scan Monitoring**: Monitors scan status and retrieves detailed findings.\n- **Baseline Comparison**: Compares scan results with a baseline to detect regressions or improvements.\n- **Continuous Integration**: Saves findings and updates reports directly to the repository.\n\n## Workflow Overview\nThe workflow is triggered on:\n- **Push Events**: When changes are pushed to the `main` branch.\n- **Manual Dispatch**: Using the `workflow_dispatch` event.\n\n### Jobs and Steps\n1. **Set Up Kubernetes Cluster**: Deploys a Kind cluster and configures `kubectl`.\n2. **Install Helm**: Installs Helm for managing SecureCodeBox components.\n3. **Deploy SecureCodeBox**: Installs the SecureCodeBox operator.\n4. **Deploy Juice-Shop**: Sets up the Juice-Shop demo target application.\n5. **Deploy ZAP-Advanced Scanner**: Installs the ZAP-Advanced scanner.\n6. **Initiate Scan**: Runs a ZAP scan against the Juice-Shop target.\n7. **Monitor Scan Progress**: Waits for the scan to complete.\n8. **Retrieve Results**: Downloads scan findings and generates summary reports.\n9. **Baseline Comparison**: Compares the findings with a baseline to track issues and improvements.\n10. 
**Save Reports**: Commits findings and updates baseline reports in the repository.\n\n### Pipeline logic\n\nThe following figure depicts the underlying logic of the pipeline, highlighting how it handles various scenarios it may encounter.\n\n![image](https://github.com/user-attachments/assets/19b14d1a-45ea-4f17-81fc-5241c41c7f54)\n\n## Environment Variables\nThe workflow uses the following environment variables:\n- `TARGET_APP`: Name of the target application (e.g., `juice-shop`).\n- `TARGET_APP_HELM`: Helm chart location for the target app.\n- `SCANNER`: Name of the scanner (e.g., `zap-advanced`).\n- `SCANNER_HELM`: Helm chart location for the scanner.\n- `SCAN_NAME`: Name of the scan to be initiated.\n\n## Prerequisites\n- A GitHub repository with the workflow file added in `.github/workflows/`.\n- Kubernetes and Helm installed locally (for testing purposes).\n- A configured `scan.yaml` file describing the scan parameters.\n\n## Usage\n1. Clone this repository:\n   ```bash\n   git clone https://github.com/GHARBIyasmine/SecureCodeBox-Penetration-testing.git\n   cd SecureCodeBox-Penetration-testing\n   ```\n\n2. Push changes to the `main` branch to trigger the pipeline:\n   ```bash\n   git add .\n   git commit -m \"Add workflow\"\n   git push origin main\n   ```\n\n3. 
Monitor the workflow runs under the **Actions** tab in your GitHub repository.\n\n## Scan Results\n\n- Findings are saved in the repository as `findings.json`.\n- Summary reports are generated and stored in `report-summary.json`.\n\n## Notes\n\n- Ensure the `GITHUB_TOKEN` secret is configured in your repository for report commits.\n- Findings and baseline reports are committed to the repository with [skip ci] to avoid triggering redundant workflows.\n\n\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgharbiyasmine%2Fsecurecodebox-penetration-testing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgharbiyasmine%2Fsecurecodebox-penetration-testing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgharbiyasmine%2Fsecurecodebox-penetration-testing/lists"}