Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dylan-smith/prdc-2023-ghas-demo-02
https://github.com/dylan-smith/prdc-2023-ghas-demo-02
Last synced: 22 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/dylan-smith/prdc-2023-ghas-demo-02
- Owner: dylan-smith
- License: other
- Created: 2023-10-06T15:07:20.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2023-10-06T15:36:25.000Z (about 1 year ago)
- Last Synced: 2023-10-06T16:37:39.447Z (about 1 year ago)
- Language: JavaScript
- Size: 22.8 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Security: SECURITY.md
Awesome Lists containing this project
README
# Demo GHAS
Code Scanning Alerts & Dependency Alerts on non-default Branches
test secret = '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'
#### WebGoat 8: A deliberately insecure Web Application
This is a copy of WebGoatm, a deliberately insecure web application maintained by [OWASP](http://www.owasp.org/) designed to teach web
application security lessons.#### :rotating_light: Do not use it to demo features not related to GHAS Code Scanning and Vulnerabilities alerts on non-default branches
This program is a demonstration of common server-side application flaws. The
exercises are intended to be used by people to learn about application security and
penetration testing techniques.**WARNING 1:** *While running this program your machine will be extremely
vulnerable to attack. You should disconnect from the Internet while using
this program.* WebGoat's default configuration binds to localhost to minimize
the exposure.**WARNING 2:** *This program is for educational purposes only. If you attempt
these techniques without authorization, you are very likely to get caught. If
you are caught engaging in unauthorized hacking, most companies will fire you.
Claiming that you were doing security research will not work as that is the
first thing that all hackers claim.*## How to use it
In order to install and run it, check out the [original demo](https://github.com/octodemo/WebGoat) created by @nickliffen#### `codeql.yml`
Workflow with the CodeQL analysis. Runs at 0:00 UTC on Sunday.You can check the results of its runs on the [Security Tab](https://github.com/octodemo/demo-vulnerabilities-ghas/security/code-scanning).
#### `dependencies.yml`
Workflow that checks every new PR that changes dependencies files. If the PR introduces dependencies with known vulnerabilities, it fails. PRs that don't change dependencies are not checked.Uses [this Action](https://github.com/marketplace/actions/scan-a-pr-for-vulnerable-dependencies) to perform the analysis on non-default branches. The Action uses GitHub's [SecurityVulnerability API](https://developer.github.com/v4/object/securityvulnerability/)
new stuff AIzaSyAQfxPJiounkhOjODEO5ZieffeBv6yft2Q