Merge pull request #18 from fivestars/security

Create security_tools.yaml
fivestars · May 28, 2024 · 8d61814 · 8d61814
2 parents f6e35d0 + b00f4d3
commit 8d61814
Showing 1 changed file with 54 additions and 0 deletions.
diff --git a/security_tools.yaml b/security_tools.yaml
@@ -0,0 +1,54 @@
+# Tribe and Squad identification
+tribe: fivestars
+squad: fivestars
+
+security_tools:
+
+  # Secrets Detection
+  secrets_detection:
+    enabled: 1
+    secrets_scanning: 1
+    pr_based:
+      enabled: 0
+
+  # Static Application Security Testing (SAST)
+  sast:
+    enabled: 1
+    tools:
+      codeQL:
+        enabled: 1
+        config_file_path: '-'
+      veracode:
+        enabled: 0
+      sonarcloud:
+        enabled: 0
+      sobelow:
+        enabled: 0
+      credo:
+        enabled: 0
+      klocwork:
+        enabled: 0
+
+  # SCA (Software Composition Analysis)
+  sca:
+    dependabot:
+      enabled: 1
+      config_file_path: '.github/dependabot.yml'
+    dependency_review:
+      enabled: 0
+
+  # Container Security
+  container_security:
+    trivy:
+      enabled: 0
+      config_file_path: '-'
+
+  # IaC (Infrastructure-as-code) security
+  iac_security:
+    tfsec:
+      enabled: 0
+
+  # Dynamic Application Security Testing (DAST)
+  dast:
+    zap:
+      enabled: 0