Skip to content
/ secure-ci-cd Public
forked from natanim-kemal/hook

CI/CD pipeline with security analysis (SAST + DAST)

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

modintel/secure-ci-cd

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.github/workflows
.github/workflows
 
 
.zap
.zap
 
 
extension
extension
 
 
src
src
 
 
tests
tests
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Secure CI/CD Pipeline - Phishing Detector Extension

A phishing detection browser extension with Flask API backend, featuring a complete CI/CD pipeline with security analysis -- SAST + DAST.

Project Overview

This project demonstrates a secure CI/CD pipeline implementation with:

  • Static Application Security Testing (SAST) using Semgrep
  • Dynamic Application Security Testing (DAST) using OWASP ZAP
  • Automated vulnerability detection and reporting

Project Structure

secure-ci-cd/
├── .github/
│   └── workflows/
│       └── ci.yml           # CI/CD pipeline configuration
├── .zap/
│   └── rules.tsv            # ZAP scanning rules
├── src/
│   ├── api.py               # Flask API with ML model
│   ├── feature_extraction.py # URL feature extraction
│   └── train.py             # Model training script
├── extension/
│   ├── manifest.json        # Chrome extension manifest
│   ├── background.js        # Background service worker
│   ├── popup.html/js        # Extension popup UI
│   └── content.js           # Content script
├── tests/
│   └── test_api.py          # Unit tests
└── requirements.txt         # Python dependencies

CI/CD Pipeline Stages

The pipeline runs on every push and pull request:

Stage Tool Purpose
Build & Test pytest Run unit tests
Static Analysis Semgrep SAST - Find vulnerabilities in source code
Dynamic Analysis OWASP ZAP DAST - Test running application
Security Summary Custom Aggregate security reports

Quick Start

Run the API locally

cd src
pip install -r ../requirements.txt
python train.py   # Train the ML model first
python api.py     # Start the API server

Run tests locally

pip install pytest
pytest tests/ -v

API Endpoints

Endpoint Method Description
/predict POST Predict if URL is phishing
/health GET Health check
/reload POST Reload the ML model

Security Analysis

This project intentionally includes security vulnerabilities for educational purposes to demonstrate:

  1. How SAST tools detect code-level vulnerabilities
  2. How DAST tools detect runtime vulnerabilities
  3. The importance of security in CI/CD pipelines

⚠️ Warning: This code contains intentional vulnerabilities for demonstration. Do not use in production!

Assignment Information

Course: Software Security
Topic: CI/CD Pipeline with Static & Dynamic Analysis
Tools: GitHub Actions, Semgrep, OWASP ZAP

Team

  • Liyu Desta - UGR/4648/14
  • Fozia Mohammed - UGR/4535/14
  • Eyoab Amare - UGR/4648/14
  • Meaza Tadele - UGR/4648/14
  • Natanim Kemal - UGR/4648/14

License

Educational use only.

About

CI/CD pipeline with security analysis (SAST + DAST)

Topics

zap cicd software-security semgrep

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 60.6%
  • JavaScript 29.5%
  • CSS 6.8%
  • HTML 3.1%