mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 12:45:17 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,84 @@
|
||||
# GitLab DevSecOps Pipeline Workflows
|
||||
|
||||
## Workflow 1: Merge Request Security Review
|
||||
|
||||
```
|
||||
Developer creates merge request
|
||||
|
|
||||
Pipeline triggers security scanners in parallel:
|
||||
[SAST] [Secret Detection] [Dependency Scanning] [License Scanning]
|
||||
|
|
||||
MR Security Widget displays results:
|
||||
- New vulnerabilities introduced
|
||||
- Existing vulnerabilities fixed
|
||||
- Comparison with target branch
|
||||
|
|
||||
[No Critical/High] --> Reviewers can approve and merge
|
||||
[Critical/High found] --> MR blocked by approval policy
|
||||
|
|
||||
Security team reviews findings
|
||||
|
|
||||
[Confirmed] --> Developer remediates and re-pushes
|
||||
[False Positive] --> Dismissed with documented reason
|
||||
|
|
||||
All findings resolved --> MR eligible for merge
|
||||
```
|
||||
|
||||
## Workflow 2: Container Image Security Gate
|
||||
|
||||
```
|
||||
Docker image built in CI
|
||||
|
|
||||
Container scanning (Trivy) analyzes image layers
|
||||
|
|
||||
Findings categorized by severity
|
||||
|
|
||||
[Below threshold] --> Image pushed to registry with metadata
|
||||
[Above threshold] --> Pipeline fails, image not pushed
|
||||
|
|
||||
Registry stores scan results as artifact
|
||||
|
|
||||
Deployment pulls only scanned/approved images
|
||||
```
|
||||
|
||||
## Workflow 3: DAST Against Staging Environment
|
||||
|
||||
```
|
||||
Application deployed to staging
|
||||
|
|
||||
DAST browser scan initiated against staging URL
|
||||
|
|
||||
Authenticated scan crawls application pages
|
||||
|
|
||||
Active testing for XSS, SQLi, CSRF, etc.
|
||||
|
|
||||
Results added to vulnerability report
|
||||
|
|
||||
[Pass] --> Manual deploy-to-production gate enabled
|
||||
[Fail on critical] --> Staging deployment rolled back
|
||||
|
|
||||
Production deploy requires manual approval
|
||||
```
|
||||
|
||||
## Workflow 4: Vulnerability Lifecycle Management
|
||||
|
||||
```
|
||||
Scanner detects vulnerability
|
||||
|
|
||||
Status: "Detected" in vulnerability report
|
||||
|
|
||||
Security analyst triages finding
|
||||
|
|
||||
[Confirmed vulnerability] [False positive]
|
||||
| |
|
||||
Status: "Confirmed" Status: "Dismissed"
|
||||
Issue created automatically Reason documented
|
||||
|
|
||||
Developer assigned fix
|
||||
|
|
||||
Fix merged, scanner re-runs
|
||||
|
|
||||
Vulnerability no longer detected
|
||||
|
|
||||
Status: "Resolved"
|
||||
```
|
||||
Reference in New Issue
Block a user