Implement Automated Security Testing Pipeline (FEA405)
| Document Type | Feature Description |
| Feature | FEA405 |
| Author | Noora Kuikka |
| Version | 1.0 |
| Date | 19.02.2024 |
Description
The feature entails the establishment of an automated security testing pipeline within the development process of the Tukko Traffic Visualizer project. This pipeline is designed to automatically detect and report security issues as part of the continuous integration and continuous delivery (CI/CD) workflow. By integrating automated security testing into the pipeline, the development team can identify and address security vulnerabilities more efficiently, thereby enhancing the overall security posture of the application.
Feature-related restrictions, requirements, and use cases
| Linked Use Cases | Use Case |
| Linked Requirements | ReqID list |
User Stories related to the feature
| User Story ID | Description | Affected Feature |
|---|---|---|
| US019 | As a developer, I want to have an automated security testing pipeline that detects and reports security issues during the development process. | FEA405 |
| US022 | As a developer, I want to have automated tests that run as part of the CI/CD pipeline to ensure the quality and correctness of the deployed code. | FEA405 |
Links to issues:
Implementation
We used the Gitlab security dashboard options to set up an automated security pipeline utilizing SAST, DAST, dependency checks, and secret detection.
The detailed implementation guide can be found here!
Testing / possible approval criteria
| Test Case | Description |
|---|---|
| Acceptance Test Case | Acceptance Test |
| Functional System Test Case | Test Case |
| Security Test Case | Test Case |