You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Oct 14, 2020. It is now read-only.
Copy file name to clipboardExpand all lines: README.md
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -18,7 +18,7 @@
18
18
</p>
19
19
20
20
**NOTE**: This Repository contains the stable beta preview of the next major secureCodeBox (SCB) Release v2.
21
-
You can find the current **stable release** here [https://github.com/secureCodeBox/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox).
21
+
You can find the current **stable release** here [https://github.com/secureCodeBox/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox).
22
22
23
23
_The major release of SCB version 2.0 will be available in the next weeks._ The release will contain a major architecture change which will not be backward compatible. More details will follow soon in a series of blog articles.
24
24
@@ -38,7 +38,7 @@ _The major release of SCB version 2.0 will be available in the next weeks._ The
38
38
-[Local Scan Examples](#local-scan-examples)
39
39
-[Public Scan Examples](#public-scan-examples)
40
40
-[Then get the current State of the Scan by running:](#then-get-the-current-state-of-the-scan-by-running)
41
-
-[To delete a scan, use ```kubectl delete```, e.g. for localhost nmap scan:](#to-delete-a-scan-use-kubectl-delete-eg-for-localhost-nmap-scan)
41
+
-[To delete a scan, use `kubectl delete`, e.g. for localhost nmap scan:](#to-delete-a-scan-use-kubectl-delete-eg-for-localhost-nmap-scan)
42
42
-[Access Services](#access-services)
43
43
-[How does it work?](#how-does-it-work)
44
44
-[Architecture](#architecture)
@@ -59,11 +59,11 @@ For additional documentation aspects please have a look at our:
59
59
The typical way to ensure application security is to hire a security specialist (aka penetration tester) at some point in your project to check the application for security bugs and vulnerabilities. Usually, this check is done at a later stage of the project and has two major drawbacks:
60
60
61
61
1. Nowadays, a lot of projects do continuous delivery, which means the developers deploy new versions multiple times each day. The penetration tester is only able to check a single snapshot, but some further commits could introduce new security issues. To ensure ongoing application security, the penetration tester should also continuously test the application. Unfortunately, such an approach is rarely financially feasible.
62
-
2. Due to a typically time boxed analysis, the penetration tester has to focus on trivial security issues (low-hanging fruits) and therefore will not address the serious, non-obvious ones.
62
+
2. Due to a typically time boxed analysis, the penetration tester has to focus on trivial security issues (low-hanging fruit) and therefore will probably not address the serious, non-obvious ones.
63
63
64
64
With the _secureCodeBox_ we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
65
65
66
-
The purpose of _secureCodeBox_**is not** to replace the penetration testers or make them obsolete. We strongly recommend to run extensive tests by experienced penetration testers on all your applications.
66
+
The purpose of _secureCodeBox_**is not** to replace the penetration testers or make them obsolete. We strongly recommend running extensive tests by experienced penetration testers on all your applications.
67
67
68
68
**Important note**: The _secureCodeBox_ is no simple one-button-click-solution! You must have a deep understanding of security and how to configure the scanners. Furthermore, an understanding of the scan results and how to interpret them is also necessary.
69
69
@@ -77,7 +77,7 @@ There is a German article about [Security DevOps – Angreifern (immer) einen Sc
77
77
78
78
### Deployment (based on Helm)
79
79
80
-
> The install instrucions require you to have the repository cloned and to have your terminal located in the folder of repository.
80
+
> The install instructions require you to have the repository cloned and to have your terminal located in the folder of repository.
81
81
> There are shorthand scripts to un-/install everything in the `bin` directory.
0 commit comments