Secure Development for All

An incremental adoption guide for developers who want to bring secure development lifecycle (SDLC) practices into their projects.

Roadmap

Consider the following roadmap for implementation:

  1. Install the IDE extensions into your editor and read about any findings the tools have, addressing them as appropriate.

  2. Download some of the mentioned CLI tools and run them against the whole project to see about any areas of improvement outside of your current working files.

  3. Once you feel that your project meets the standards you would like, employ Continuous Integration tools (coming soon) to enforce these standards on your code and future contributions. This increases consistency and confidence as your project evolves.

Tools

This section lists a number of tools that can be used together or independently. They are ordered by ease of implementation, from easiest to hardest, which also runs from individual to team impact: a tool you adopt in your own editor is easier to roll out than one enforced across a whole team.

IDE Extensions

The easiest place to start is by adding tools to your IDE that flag areas for improvement as you write code. Some of these tools are available across editors, while others are specific to one editor.

These sections and tools have no particular order.

Visual Studio Code

PyCharm

Vim

CLI tools

For language specific tools, please see the cli_tools/README.md.

pre-commit hooks

pre-commit manages git hooks that run a series of tools against only the files changed in your project. Installed as a pre-commit hook, it enforces those checks on the files staged for each commit, so problems are caught before they enter history.

  • Install:
    • pipx install pre-commit or uv tool install pre-commit
  • Configure:
    • .pre-commit-config.yaml.
    • Please see cli_tools/pre-commit/README.md for sample configuration files that you can employ in your project.
    • pre-commit install --install-hooks to install git hooks
  • Run:
    • git commit to run against staged changes once the git hook is installed
    • pre-commit run to run against staged changes
    • pre-commit run --all-files to run against all files in the repository

As an additional layer, have your continuous integration (CI) service run the same hooks across the merge request's changes or the entire code base. Local hooks are opt-in and can be skipped with git commit --no-verify, so the CI run is what actually validates compliance with the pre-commit configuration.

Note: pre-commit is the well-known tool for running and managing pre-commit hooks, though alternatives such as prek read the same configuration format and offer improved performance that may benefit your workflow.
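The following .pre-commit-config.yaml is an added example, not one of the sample files shipped in cli_tools/pre-commit. It wires the gitleaks and Semgrep hooks described on this page together with a few hygiene hooks from the pre-commit project. The rev values are placeholders chosen for illustration; pin each one to a release tag you have verified before using the file.

```yaml
# .pre-commit-config.yaml (added example; every `rev` below is a placeholder)
repos:
  # Secret detection on the staged changes. The `gitleaks` hook id is the one
  # published in the gitleaks repository's .pre-commit-hooks.yaml.
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.4            # placeholder: replace with the current release tag
    hooks:
      - id: gitleaks

  # Static analysis of the staged files. `--error` makes findings fail the
  # commit; `--skip-unknown-extensions` stops non-code files aborting the run.
  - repo: https://github.com/semgrep/pre-commit
    rev: v1.85.0            # placeholder: replace with the current release tag
    hooks:
      - id: semgrep
        args: ["--config", "auto", "--error", "--skip-unknown-extensions"]

  # General hygiene hooks maintained by the pre-commit project.
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.6.0             # placeholder: replace with the current release tag
    hooks:
      - id: detect-private-key        # catches PEM blocks gitleaks rules may not cover
      - id: check-added-large-files   # blobs over 500 KB are usually not source
      - id: check-merge-conflict
      - id: end-of-file-fixer
      - id: trailing-whitespace
```

After saving this file, pre-commit install --install-hooks fetches the pinned hook versions, and pre-commit run --all-files gives you a baseline over the whole repository before the hook starts gating new commits. Keep the rev values pinned rather than floating on a branch so that a compromised or changed upstream hook cannot silently alter what runs on every developer's machine; pre-commit autoupdate bumps them deliberately.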

gitleaks

Gitleaks scans your commit history, working tree and staged changes for strings that look like secrets, such as API keys, tokens and private keys.

  • Install:
    • brew install gitleaks for macOS
    • docker pull ghcr.io/zricethezav/gitleaks:latest
    • clone the repository and run make build
  • Configure:
    • .gitleaks.toml
  • Run:
    • Supports pre-commit and GitHub Actions
    • gitleaks git scans the repository's git history; gitleaks git --pre-commit --staged limits the scan to staged changes, which is how the pre-commit hook invokes it
    • gitleaks dir scans the selected files and directories without reading git history

Semgrep

Semgrep is a static application security testing (SAST) tool with rule sets for many languages.

  • Install:
    • brew install semgrep
    • pipx install semgrep or uv tool install semgrep
    • docker pull semgrep/semgrep
  • Configure:
    • Point --config at a Semgrep Registry ruleset (for example p/default or p/owasp-top-ten) or at a local rules file or directory you control
    • .semgrepignore to exclude paths such as vendored or generated code
  • Run:
    • semgrep scan --config auto scans with rules selected for the languages detected in the project. It fetches rules from the Semgrep Registry and sends metrics to Semgrep, so use a pinned ruleset or local rules when you need reproducible or offline scans
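As an added example of the CI layer mentioned in the pre-commit section, the GitHub Actions workflow below runs the repository's pre-commit configuration over the whole tree and gitleaks over the full history. It is not part of this project. It assumes a .pre-commit-config.yaml already exists at the repository root and that actions/checkout, actions/setup-python and gitleaks/gitleaks-action are acceptable third-party dependencies for your project.

```yaml
# .github/workflows/secure-dev.yml (added example)
name: secure-dev-checks

on:
  pull_request:
  push:
    branches: [main]

# Least privilege for the default token: the jobs only need to read the tree.
permissions:
  contents: read

jobs:
  pre-commit:
    name: pre-commit (all files)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install pre-commit
        run: pipx install pre-commit
      # --all-files covers the whole tree, not just this change, so a hook
      # skipped locally with --no-verify is still enforced here.
      - name: Run every hook against the whole tree
        run: pre-commit run --all-files --show-diff-on-failure

  gitleaks-history:
    name: gitleaks (full history)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write   # only needed if you keep the action's PR comments enabled
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0     # full clone; a shallow checkout hides older commits from the scan
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}  # required for organization-owned repositories
```

The history job matters because a secret committed and then removed in a later commit is still readable to anyone who can clone the repository; gitleaks git walks every commit, not just the current tree. A hit there means the credential must be rotated, not merely deleted from the file.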
