Security Scanning: Trivy & OWASP ZAP | Part 2

Welcome to Part 2 of my DevOps video series covering the CI/CD development process for the nc-fttx-portal project. In Part 1, we established our foundation with baseline sandbox verification. In this video we will move into active Continuous Integration (CI) by deploying a fully automated Security Scan Pipeline within GitHub Actions.

This installment demonstrates how we enforce security from the moment code is pushed. Before any artifact is created for deployment, we validate the Go source code and the container image for vulnerabilities, secrets, and dynamic application weaknesses.

What This Video Demonstrates:

- "Shift-Left" Security: Integrating vulnerability checks early in the CI process.
- SAST & DAST Automation: Deploying Trivy for static file/image scanning and OWASP ZAP for dynamic application attacks.

View the Full Security Scan MD Guide Here: https://github.com/jaycloud336/nc-fttx-portal/blob/main/cicd-automation-security-scan.md