SAST Architectural Logic #24

RSEA0651 opened this issue Apr 14, 2023 · 0 comments
Labels
Backend Backend development Activity Secure Code Secure Code integration/check

Comments

@RSEA0651 (Contributor)
RSEA0651 commented Apr 14, 2023

SAST (Static Application Security Testing):

  • Query Git to determine repository information correlated to deployed application in OCP
  • Use APIs provided by chosen SAST tool to determine project IDs correlated to Git repos
  • Use APIs provided by chosen SAST tool to collect scan results for each code repository.
  • Analyze the results to check for high-risk vulnerabilities and compliance with your organization's security requirements.
  • Generate reports and notifications based on the analysis, highlighting non-compliant repositories and providing guidance on remediation steps.

Pseudo Code

import sast_tool_api   # placeholder module: replace with your SAST tool's API client library
import psycopg2
import json

# Replace with your SAST tool's API client
sast_api_client = sast_tool_api.ApiClient()

# Replace with your PostgreSQL connection settings (load credentials from the environment
# or a secret store rather than hardcoding them in the script)
conn = psycopg2.connect(database="your_db", user="your_user", password="your_password",
                        host="your_host", port="your_port")

def query_application_for_repos():
    """
    Query the application to get a list of Git repositories.
    """
    # Implement logic to fetch repositories from your application
    repos = []
    return repos

def correlate_repos_to_project_ids(repos):
    """
    Correlate Git repositories to project IDs in the SAST tool.
    Returns None as soon as one repository has no matching project,
    so that an unscanned repository fails the compliance check.
    """
    project_ids = {}
    for repo in repos:
        project_id = sast_api_client.get_project_id_by_repo(repo)
        if project_id:
            project_ids[repo] = project_id
        else:
            return None

    return project_ids

def get_scan_results(project_ids):
    """
    Fetch scan results for the given project IDs using the SAST tool's API.
    """
    scan_results = {}
    for repo, project_id in project_ids.items():
        scan_result = sast_api_client.get_scan_results(project_id)
        scan_results[repo] = scan_result

    return scan_results

# Other functions remain the same as before

def main():
    repos = query_application_for_repos()
    project_ids = correlate_repos_to_project_ids(repos)

    if project_ids is None:
        print("Compliance check failed: Not all repositories are correlated to project IDs in the SAST tool.")
        return

    scan_results = get_scan_results(project_ids)
    security_requirements = {}  # Define your organization's security requirements
    high_risk_vulnerabilities, non_compliant_repos = analyze_scan_results(scan_results, security_requirements)

    generate_reports_and_notifications(high_risk_vulnerabilities, non_compliant_repos)
    save_results_to_database(high_risk_vulnerabilities, non_compliant_repos)

if __name__ == "__main__":
    main()

@RSEA0651 RSEA0651 added Backend Backend development Activity Secure Code Secure Code integration/check labels Apr 14, 2023
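The pseudo code above leaves `analyze_scan_results` undefined. The following is an added example (not code from the issue author or the project) of what that step can look like: it applies per-severity thresholds from a constructed `security_requirements` policy to constructed, SAST-style findings, ignores findings already triaged as false positives, and treats a repository with no scan data at all as non-compliant. The finding field names (`severity`, `status`, `rule`) and the repository names are assumptions.

```python
from collections import Counter

# Constructed policy: a repo is non-compliant if it has MORE than this many open
# findings at a given severity. Replace with the organization's real requirements.
SECURITY_REQUIREMENTS = {"critical": 0, "high": 0, "medium": 5}
HIGH_RISK_SEVERITIES = ("critical", "high")

# Constructed sample shaped like the per-repo output of get_scan_results().
# A real SAST API's finding schema will differ; adapt the field names below.
SAMPLE_SCAN_RESULTS = {
    "git.example.org/payments/api": [
        {"id": "F-1", "rule": "sql-injection", "severity": "Critical", "status": "open"},
        {"id": "F-2", "rule": "hardcoded-secret", "severity": "HIGH", "status": "false_positive"},
        {"id": "F-3", "rule": "weak-hash", "severity": "medium", "status": "open"},
    ],
    "git.example.org/web/frontend": [
        {"id": "F-4", "rule": "xss", "severity": "medium", "status": "open"},
    ],
    "git.example.org/tools/cli": [],
    "git.example.org/legacy/batch": None,   # project exists but has never been scanned
}

def open_findings(findings):
    """Keep only findings that still count; closed or triaged-out ones are dropped."""
    return [f for f in findings if f.get("status", "open") in ("open", "confirmed")]

def analyze_scan_results(scan_results, security_requirements):
    """Return (high_risk, non_compliant): high_risk maps repo -> open critical/high
    findings; non_compliant maps repo -> list of human-readable reasons."""
    high_risk, non_compliant = {}, {}
    for repo, findings in scan_results.items():
        if findings is None:
            # Missing scan data is a compliance failure, not a clean result.
            non_compliant[repo] = ["no scan results available"]
            continue
        active = open_findings(findings)
        counts = Counter(f.get("severity", "").lower() for f in active)
        risky = [f for f in active if f.get("severity", "").lower() in HIGH_RISK_SEVERITIES]
        if risky:
            high_risk[repo] = risky
        reasons = [f"{counts[sev]} open {sev} finding(s) exceeds limit of {limit}"
                   for sev, limit in security_requirements.items() if counts[sev] > limit]
        if reasons:
            non_compliant[repo] = reasons
    return high_risk, non_compliant

if __name__ == "__main__":
    _, nc = analyze_scan_results(SAMPLE_SCAN_RESULTS, SECURITY_REQUIREMENTS)
    for repo, reasons in nc.items():
        print(f"{repo}: {'; '.join(reasons)}")
```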