Skip to content

Add Trivy and ZAP security scanning to QuickNotes#1388

Open
darknesod1-netizen wants to merge 6 commits into
inno-devops-labs:mainfrom
darknesod1-netizen:feature/lab9
Open

Add Trivy and ZAP security scanning to QuickNotes#1388
darknesod1-netizen wants to merge 6 commits into
inno-devops-labs:mainfrom
darknesod1-netizen:feature/lab9

Conversation

@darknesod1-netizen

Copy link
Copy Markdown

Goal

Improve the security of QuickNotes by scanning it with Trivy and OWASP ZAP, documenting all findings, and implementing a security headers fix.

Changes

  • Performed Trivy image, filesystem, and configuration scans and generated a CycloneDX SBOM.
  • Added HTTP security headers through middleware (Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and related headers) with a unit test to verify the middleware.
  • Ran an OWASP ZAP baseline scan, re-scanned after the code changes, and confirmed the selected security header findings were resolved.
  • Documented the Trivy and ZAP findings, including WATCH and ACCEPT dispositions where appropriate.

Testing

  • Trivy image, filesystem, and configuration scans completed successfully.
  • go test ./... passes, including TestSecurityHeadersPresent.
  • ZAP baseline scan re-run after the fix; the resolved security header findings now report as PASS.

Checklist

  • Title is a clear sentence (≤70 characters)
  • Commits are signed
  • submissions/lab9.md updated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant