Hands-on exercise 1 – Performing code review, dependency checks, and secret scanning on the IDE
To complete this hands-on exercise, you must first complete Hands-on exercise 1 – Provisioning the lab VM from the previous chapter, where we provisioned the lab VM. In this exercise, we will perform code reviews, check for dependency vulnerabilities, and scan for secrets within our code. This is an important phase of shifting security left, as it lets us identify and fix many vulnerabilities before committing the code.
In this exercise, we will use the eShopOnWeb application. This application is related to the eShopOnContainers application, which focuses on containers and microservices. eShopOnWeb, on the other hand, focuses on traditional web application development. Figure 4.18 shows the reference architecture of the eShopOnContainers application:
Figure 4.18 – eShopOnContainers reference architecture (Source...