Lab9 submission#1325

Open
tdzdslippen wants to merge 2 commits into inno-devops-labs:main from tdzdslippen:feature/lab9

Conversation

@tdzdslippen


Goal

Lab 9: scan QuickNotes with Trivy (image/fs/config + SBOM), run OWASP ZAP baseline, triage findings, and fix missing security headers in code.

Changes

  • submissions/scans/ β€” Trivy reports, CycloneDX SBOM, ZAP before/after JSON+HTML.
  • app/security.go + app/security_test.go β€” SecurityHeaders middleware (X-Content-Type-Options, X-Frame-Options, CSP, COOP, CORP, Referrer-Policy) on all routes.
  • app/main.go β€” wraps the router with the middleware.
  • submissions/lab9.md β€” triage tables + design answers.
  • Includes Lab 6 Dockerfile / compose.yaml as the scan/build baseline.

Testing

  • Trivy 0.59.1: distroless layer clean; 11 HIGH stdlib CVEs triaged as WATCH; fs/config clean.
  • ZAP 2.16.0 baseline: before: alerts 10021 + 90004; after rebuild: both gone; unit tests assert headers on /health, /notes, /metrics.

Checklist

  • Title is a clear sentence (≤ 70 chars)
  • Commits are signed (git log --show-signature)
  • submissions/labN.md updated

Signed-off-by: tdzdslippen <avlaptev@avito.ru>
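The middleware and route-level check the description above refers to, written out as an added example; this is not the PR's own app/security.go or app/security_test.go. It assumes stand-in /health, /notes and /metrics handlers and example header values (the CSP in particular would have to match what the QuickNotes UI actually loads). Two points the description does not spell out: the headers must be set before the wrapped handler writes, because net/http drops headers added after the first Write, and the middleware must wrap the whole mux rather than individual routes so that 404 responses, which a ZAP baseline spider also hits, carry the headers as well. ZAP alert 10021 is "X-Content-Type-Options Header Missing" and 90004 is "Insufficient Site Isolation Against Spectre Vulnerability", which looks for the COOP/COEP/CORP headers, so MissingHeaders below is the same check those alerts make.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
)

// Header values are an assumption for this example, not the PR's policy.
var securityHeaders = map[string]string{
	"X-Content-Type-Options":       "nosniff",
	"X-Frame-Options":              "DENY",
	"Content-Security-Policy":      "default-src 'self'; frame-ancestors 'none'; base-uri 'none'",
	"Cross-Origin-Opener-Policy":   "same-origin",
	"Cross-Origin-Resource-Policy": "same-origin",
	"Referrer-Policy":              "no-referrer",
}

// SecurityHeaders sets the headers and only then calls the wrapped handler.
// Order matters: once a handler calls WriteHeader or Write, any header added
// afterwards is silently discarded by net/http.
func SecurityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		for name, value := range securityHeaders {
			h.Set(name, value)
		}
		next.ServeHTTP(w, r)
	})
}

// MissingHeaders returns, sorted, the expected headers absent from a response.
// This is the check a unit test (or a ZAP baseline alert) performs.
func MissingHeaders(h http.Header) []string {
	var missing []string
	for name := range securityHeaders {
		if h.Get(name) == "" {
			missing = append(missing, name)
		}
	}
	sort.Strings(missing)
	return missing
}

// NewRouter builds stand-in QuickNotes routes (hypothetical handlers) and
// wraps the whole mux, so unmatched paths (404s) get the headers too.
// Wrapping each route separately would leave those responses bare.
func NewRouter() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	})
	mux.HandleFunc("/notes", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		fmt.Fprint(w, `[]`)
	})
	mux.HandleFunc("/metrics", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/plain; version=0.0.4")
		fmt.Fprint(w, "quicknotes_up 1\n")
	})
	return SecurityHeaders(mux)
}

// ProbeHeaders issues an in-process GET and returns the response headers:
// no listening socket and no ZAP run needed for the unit test.
func ProbeHeaders(h http.Handler, path string) http.Header {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Result().Header
}

func main() {
	// "Before": a mux with no middleware, the state the ZAP baseline flagged.
	bare := http.NewServeMux()
	bare.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") })
	fmt.Println("before, /health missing:", MissingHeaders(ProbeHeaders(bare, "/health")))

	// "After": every route, and an unknown path, carries the full header set.
	hardened := NewRouter()
	for _, p := range []string{"/health", "/notes", "/metrics", "/no-such-route"} {
		fmt.Printf("after, %s missing: %v\n", p, MissingHeaders(ProbeHeaders(hardened, p)))
	}
}
```

A test built on ProbeHeaders and MissingHeaders covers the unknown-path case that a per-route assertion list (/health, /notes, /metrics) does not; it is worth adding a 404 path to the PR's table-driven test for that reason.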