Challenge 03 - Continuous Integration And Security
< Previous Challenge - Home - Next Challenge >
Introduction
The board of the shelter has seen many troubling news stories of breeches into various applications, including those run by non-profits. In fact, organizations which traditionally may not have invested in infrastructure can be popular targets for attackers. The board wants to ensure their application doesn’t contain any vulnerabilities which can be exploited.
Description
For this challenge you will configure scanning for the entire software supply chain for the application. Specifically, you want to scan your code for potential issues when a pull request (PR) is made to the main branch. You also want to confirm the packages the project uses are free from known vulnerabilities. Finally, once you have configured security, you will create a pull request with the code updates you made in the previous challenge.
Scanning for vulnerabilities, running tests, and ensuring code compiles is typically automated as part of a process called continuous integration (CI). CI allows teams to quickly validate new code doesn’t introduce any issues to the existing code base, improving your ability to respond to customer requests and reduce development overhead. For this hack, you will enable GitHub Advanced Security, which is a common part of a complete CI process.
Success Criteria
- Demonstrate that Code scanning is set to run on all pull requests made to
main - Demonstrate that Dependency review is enabled for the repository
- Verify the
mainbranch is configured to require pull requests, and both code scanning and dependency review must succeed for a merge to be completed - Demonstrate that a pull request has been made to main and all checks pass
IMPORTANT: You will merge the PR into
mainin a later challenge