Testing and validating SAST, DAST, Chaos Simulation, Deployment, and RASP
In this section, we will analyze every build stage and look at how each security tool scans the code, generates its report, and fails the build. We will also try to bypass the failing checks by tweaking the buildspec file so that the pipeline proceeds to the next stages, because the aim of this chapter is to integrate the security tools, scan, and fail the build rather than to fix the vulnerabilities themselves. We will analyze the stages in the following sequence:
- The first stage after the source stage is Build-Secrets. If you navigate to the logs of this CodeBuild project, you will see that this stage first clones the repository and then runs a git-secrets scan on the source code. Since there are no leaked secrets, this stage succeeds and the pipeline moves on to the next stage, which is Build-SAST:
- In the Build-SAST stage, if you go to the build logs of the...
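The Build-Secrets stage described above is the simplest gate in the pipeline: a scan runs, and a non-zero exit code is what makes CodeBuild mark the stage as failed and stop the pipeline. The following shell script is an added example, not code from the book or its sample repository, that reproduces that gating logic in a self-contained way. It stands in for git-secrets with a single grep pattern for AWS access key IDs (the same class of pattern that `git secrets --register-aws` installs), builds two constructed sample trees, and returns the exit code a buildspec would propagate. The function names, the sample file contents, and the use of a single pattern instead of the full git-secrets ruleset are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: a minimal stand-in for the Build-Secrets stage. It is not the
# book's buildspec; it only shows how a scan's exit code gates the pipeline.

# Returns 0 when the directory is clean, 1 when a suspected secret is found.
scan_for_secrets() {
  dir="$1"
  # AWS access key IDs are 20 characters starting with AKIA followed by 16
  # uppercase alphanumerics. One illustrative pattern, not a full ruleset.
  if grep -rnE 'AKIA[0-9A-Z]{16}' "$dir" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# Stage wrapper: logs the outcome the way the CodeBuild console would show
# it and propagates the exit code so a finding stops the pipeline.
run_secrets_stage() {
  if scan_for_secrets "$1"; then
    echo "Build-Secrets: no secrets found, proceeding to Build-SAST"
    return 0
  fi
  echo "Build-Secrets: suspected AWS access key found, failing the build" >&2
  return 1
}

# Constructed sample trees for a stand-alone run. The key below is the
# documented AWS example key, not a real credential.
make_samples() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/clean/src" "$tmp/leaky/src"
  printf 'region = us-east-1\n' > "$tmp/clean/src/config.ini"
  printf 'aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n' > "$tmp/leaky/src/config.ini"
  echo "$tmp"
}

# Usage: ./secrets_stage.sh <source-directory>
if [ $# -gt 0 ]; then
  run_secrets_stage "$1"
  exit $?
fi
```

In a real buildspec the scan command sits in the build phase; because CodeBuild fails the phase on any non-zero command, the `return 1` path here is the whole mechanism by which the Build-Secrets stage blocks the move to Build-SAST.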