Challenge 03 - Continuous Integration And Security


Introduction

The board of the shelter has seen many troubling news stories about breaches of various applications, including those run by non-profits. In fact, organizations that traditionally have not invested in security infrastructure can be popular targets for attackers. The board wants assurance that the application does not contain vulnerabilities that can be exploited.

Description

For this challenge you will configure scanning across the application's software supply chain. Specifically, you want to scan your code for potential issues whenever a pull request (PR) is opened against the main branch. You also want to confirm that the packages the project depends on are free from known vulnerabilities. Finally, once security scanning is configured, you will create a pull request containing the code updates you made in the previous challenge.

Scanning for vulnerabilities, running tests, and ensuring the code compiles are typically automated as part of a process called continuous integration (CI). CI lets a team quickly validate that new code does not introduce problems into the existing code base, which improves its ability to respond to customer requests and reduces development overhead. For this hack, you will enable GitHub Advanced Security (code scanning with CodeQL, dependency review, and secret scanning), which is a common part of a complete CI process. Note that these features are free on public repositories; private repositories need a GitHub Advanced Security license.

Success Criteria

IMPORTANT: You will merge the PR into main in a later challenge

Learning Resources