Skip to content

Lab 9: DevSecOps: Trivy + ZAP hardening of QuickNotes#1386

Open
danielpancake wants to merge 6 commits into
inno-devops-labs:mainfrom
danielpancake:feature/lab9
Open

Lab 9: DevSecOps: Trivy + ZAP hardening of QuickNotes#1386
danielpancake wants to merge 6 commits into
inno-devops-labs:mainfrom
danielpancake:feature/lab9

Conversation

@danielpancake

Copy link
Copy Markdown

Goal

Scan QuickNotes with Trivy and OWASP ZAP, fix security issues, and document all HIGH/CRITICAL findings

Changes

  • Ran Trivy image, filesystem, and config scans; generated a CycloneDX SBOM
  • Updated the build image to golang:1.26-alpine and added a Docker HEALTHCHECK
  • Added securityHeaders middleware (CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy) with a unit test
  • Ran an OWASP ZAP baseline scan and fixed the X-Content-Type-Options finding (10021)

Testing

  • Trivy image scan: 11 HIGH → 0 HIGH; config scan passes
  • go test ./... passes, including the security headers test
  • ZAP scan: finding 10021 changed from WARN → PASS

Checklist

  • Title is a clear sentence (≤70 chars)
  • Commits are signed (git log --show-signature)
  • submissions/lab9.md updated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant