This open-source framework is designed for application security managers and engineers to increase the speed of integration of security practices into the development lifecycle.
Here you may see the process demonstration:
Systems:
- DefectDojo (to manage vulnerabilities)
- Metabase (for metrics)
- GitLab (for pipelines)
People: 1 engineer + 1 manager
Time: 2 weeks for technical integration, provided all systems already exist and network access between them is granted
Risks:
- Vulnerabilities will not be fixed unless the business team agrees that reducing the WRT metric is one of its goals
- You may have so many vulnerabilities in your code base that you would need another security engineer to verify them
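As an added example of the pipeline side of this setup (not code from this framework), the job below uploads the report from GitLab's SAST template into DefectDojo's import-scan API; it assumes three masked CI/CD variables (`DEFECTDOJO_URL`, `DEFECTDOJO_TOKEN`, `DEFECTDOJO_ENGAGEMENT_ID`) defined on the GitLab group.

```yaml
# Added example, not part of this framework: push GitLab SAST results into
# DefectDojo from the same pipeline. Assumed group-level CI/CD variables
# (masked, protected): DEFECTDOJO_URL, DEFECTDOJO_TOKEN, DEFECTDOJO_ENGAGEMENT_ID.
include:
  - template: Security/SAST.gitlab-ci.yml   # produces gl-sast-report.json

stages:
  - test     # SAST jobs from the template run here
  - report   # upload to DefectDojo after the scan artifacts exist

defectdojo-import:
  stage: report
  image: curlimages/curl:latest
  script:
    # scan_type must be a DefectDojo parser name; "GitLab SAST Report"
    # is the one that understands gl-sast-report.json.
    # verified=false leaves triage to the security engineer in DefectDojo;
    # close_old_findings=true auto-closes findings absent from this run.
    - |
      curl --fail --silent --show-error \
        -X POST "$DEFECTDOJO_URL/api/v2/import-scan/" \
        -H "Authorization: Token $DEFECTDOJO_TOKEN" \
        -F "scan_type=GitLab SAST Report" \
        -F "engagement=$DEFECTDOJO_ENGAGEMENT_ID" \
        -F "file=@gl-sast-report.json" \
        -F "minimum_severity=Low" \
        -F "active=true" \
        -F "verified=false" \
        -F "close_old_findings=true" \
        -F "tags=$CI_PROJECT_PATH_SLUG" \
        -F "build_id=$CI_PIPELINE_ID" \
        -F "branch_tag=$CI_COMMIT_REF_NAME"
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

Metabase can then be pointed at the DefectDojo database to chart the metrics; the job fails the pipeline only if the upload itself fails, not on findings.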
[Video: GitLab group with all repositories]