Regularily Scan for Known Security Vulnerabilities (FEA403)
| Document Type | Feature Description |
| Feature | FEA403 |
| Author | Noora Kuikka |
| Version | 0.2 |
| Date | 19.02.2024 |
Description
The feature involves implementing a systematic process to continuously scan the codebase and dependencies of the Tukko Traffic Visualizer project for known security vulnerabilities. This approach helps identify potential security risks, allowing the development team to address them effectively and ensure the overall security and integrity of the application.
Feature-related restrictions, requirements, and use cases
| Linked Use Cases | Use Case |
| Linked Requirements | ReqID list |
User Stories related to the feature
| User Story ID | Description | Affected Feature |
|---|---|---|
| US017 | As a developer, I want to regularly scan the codebase and dependencies for known security vulnerabilities and address them promptly. | FEA403 |
Links to issues:
Implementation
We set up SAST, DAST, dependency scanning and secret detection by utilizing the Gitlab security dashboard and automated pipelines.
The detailed implementation guide can be found here!
Testing / possible approval criteria
| Test Case | Description |
|---|---|
| Acceptance Test Case | Acceptance Test |
| Functional System Test Case | Test Case |
| Security Test Case | Test Case |