https://github.com/govtechsg/tlp-capt
- Host: GitHub
- URL: https://github.com/govtechsg/tlp-capt
- Owner: GovTechSG
- Created: 2021-09-01T03:33:40.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2021-09-01T04:38:42.000Z (almost 5 years ago)
- Last Synced: 2025-01-03T03:12:55.412Z (over 1 year ago)
- Language: JavaScript
- Size: 10.7 KB
- Stars: 1
- Watchers: 10
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# TLP-CAPT
The Centralised Agile PenTesting (CAPT) service is a Technical Leadership Programme (TLP 2021 cohort) project by Keith Tay, Toh Kian Hui and Soh Yu Ming. CAPT aims to integrate pentesting into Agile processes: code changes automatically trigger pentesters to review them and provide timely feedback on security vulnerabilities through Jira issues. This is a working POC of CAPT integration with ship.gov.sg Bitbucket and Jira to provide this automated service.
**Automatic creation of pentesting cycle as Jira Epic**

**Automatic generation of code diff link for easy follow up on security findings and fixes**

## Dependencies
NPM dependencies:
- axios
- knex
- pg
## How to set up
1. Set DB configurations in `db/knexfile.js`
1. Run DB migrations: `knex migrate:latest`
1. Run DB seed: `knex seed:run --specific=sample.js`
1. Provide dependencies using an AWS Lambda layer
1. Deploy `lambdas` in AWS Lambda
1. Set up the environment variables required by each of the lambdas (see `lambdas` folder)
1. Set up a daily crontab entry to call the `check_epic` lambda
1. Add `curl https://?proj_code=` in Bamboo to trigger the CAPT service whenever there are code changes