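@page
@model DevSecOps7Model
@*
    DevSecOps 7 demo page. Renders the GHAS news list from Model.LatestNews, a static feature
    overview, and a regex test form that posts to the TestRegex page handler. The handler's
    outcome comes back through TempData["RegexResult"] / TempData["RegexError"].
    Notes in this file use Razor comments so they are not sent to the browser.
*@
@{
    ViewData["Title"] = "DevSecOps 7 - GitHub Advanced Security";
}

<div class="container">
    <div class="row">
        <div class="col-12">
            <h1 class="display-4 text-primary">@ViewData["Title"]</h1>
            <p class="lead">Explore the cutting-edge features and capabilities of GitHub Advanced Security (GHAS)</p>
            <hr />
        </div>
    </div>

    <!-- Alert for TempData messages -->
    @*
        Razor HTML-encodes "@" expressions, so the TempData values below are rendered as text,
        not markup. Keep it that way (no Html.Raw): the messages presumably echo the submitted
        pattern - confirm in the page model.
    *@
    @if (TempData["RegexResult"] != null)
    {
        <div class="alert alert-info alert-dismissible fade show" role="alert">
            @TempData["RegexResult"]
            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
        </div>
    }
    @if (TempData["RegexError"] != null)
    {
        <div class="alert alert-danger alert-dismissible fade show" role="alert">
            @TempData["RegexError"]
            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
        </div>
    }

    <div class="row">
        <!-- Latest GHAS News Section -->
        <div class="col-lg-8">
            <div class="card mb-4">
                <div class="card-header bg-dark text-white">
                    <h3 class="card-title mb-0">
                        <i class="bi bi-shield-check"></i> Latest GitHub Advanced Security News
                    </h3>
                </div>
                <div class="card-body">
                    @if (Model.LatestNews.Any())
                    {
                        <div class="list-group list-group-flush">
                            @foreach (var newsItem in Model.LatestNews)
                            {
                                <div class="list-group-item d-flex align-items-start">
                                    <span class="badge bg-success rounded-pill me-3 mt-1">NEW</span>
                                    <div>
                                        @* newsItem is HTML-encoded on output. *@
                                        <p class="mb-1">@newsItem</p>
                                        @* The date shown is the render time, not a per-item timestamp. *@
                                        <small class="text-muted">Updated: @DateTime.Now.ToString("MMM dd, yyyy")</small>
                                    </div>
                                </div>
                            }
                        </div>
                    }
                    else
                    {
                        <p class="text-muted">No news available at this time.</p>
                    }
                </div>
            </div>

            <!-- GHAS Features Overview -->
            <div class="card mb-4">
                <div class="card-header bg-primary text-white">
                    <h3 class="card-title mb-0">Core GHAS Features</h3>
                </div>
                <div class="card-body">
                    <div class="row">
                        <div class="col-md-6">
                            <h5><i class="bi bi-search"></i> Code Scanning</h5>
                            <p>Automated vulnerability detection using CodeQL semantic analysis engine.</p>
                            <h5><i class="bi bi-key"></i> Secret Scanning</h5>
                            <p>Detect and prevent secrets from being committed to repositories.</p>
                        </div>
                        <div class="col-md-6">
                            <h5><i class="bi bi-layers"></i> Dependency Review</h5>
                            <p>Understand security impact of dependency changes in pull requests.</p>
                            <h5><i class="bi bi-graph-up"></i> Security Overview</h5>
                            <p>Organization-wide security posture visibility and compliance tracking.</p>
                        </div>
                    </div>
                </div>
            </div>
        </div>

        <!-- Sidebar with Demo Tools -->
        <div class="col-lg-4">
            <!-- Security Demo Section -->
            <div class="card mb-4">
                <div class="card-header bg-warning text-dark">
                    <h4 class="card-title mb-0">
                        <i class="bi bi-exclamation-triangle"></i> Security Demo
                    </h4>
                </div>
                <div class="card-body">
                    <p class="text-muted small">
                        This page contains intentionally vulnerable code for demonstration purposes.
                        These vulnerabilities should be detected by GHAS code scanning.
                    </p>

                    <!-- Regex Testing Form -->
                    @*
                        Posts the "pattern" field to the TestRegex handler. Nothing in this markup
                        limits the input, so any bound on regex evaluation (input length cap, a
                        Regex match timeout) has to be enforced in the handler, which is not in
                        this file. Assuming the default tag helpers are registered in _ViewImports,
                        the form tag helper emits the antiforgery token for this POST - confirm.
                    *@
                    <form method="post" asp-page-handler="TestRegex" class="mt-3">
                        <div class="mb-3">
                            <label for="pattern" class="form-label">Test Regex Pattern:</label>
                            <input type="text" class="form-control" id="pattern" name="pattern"
                                   placeholder="Enter pattern (e.g., aaa)" value="aaa">
                            <div class="form-text">
                                ⚠️ This uses a vulnerable regex pattern susceptible to ReDoS attacks.
                            </div>
                        </div>
                        <button type="submit" class="btn btn-warning btn-sm">
                            <i class="bi bi-play"></i> Test Pattern
                        </button>
                    </form>
                </div>
            </div>

            <!-- Quick Links -->
            @*
                rel="noopener noreferrer" on every target="_blank" link: the opened page gets no
                window.opener handle back to this page and no Referer header.
            *@
            <div class="card">
                <div class="card-header bg-info text-white">
                    <h4 class="card-title mb-0">Quick Links</h4>
                </div>
                <div class="card-body">
                    <div class="d-grid gap-2">
                        <a href="https://docs.github.com/en/code-security" class="btn btn-outline-primary btn-sm" target="_blank" rel="noopener noreferrer">
                            <i class="bi bi-book"></i> GHAS Documentation
                        </a>
                        <a href="https://github.com/github/codeql" class="btn btn-outline-secondary btn-sm" target="_blank" rel="noopener noreferrer">
                            <i class="bi bi-github"></i> CodeQL Repository
                        </a>
                        <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning" class="btn btn-outline-success btn-sm" target="_blank" rel="noopener noreferrer">
                            <i class="bi bi-shield-check"></i> Code Scanning Guide
                        </a>
                        <a href="https://docs.github.com/en/code-security/secret-scanning" class="btn btn-outline-warning btn-sm" target="_blank" rel="noopener noreferrer">
                            <i class="bi bi-key"></i> Secret Scanning
                        </a>
                    </div>
                </div>
            </div>
        </div>
    </div>

    <!-- Footer Section -->
    <div class="row mt-5">
        <div class="col-12">
            <div class="alert alert-light" role="alert">
                <h5 class="alert-heading">
                    <i class="bi bi-lightbulb"></i> Pro Tip:
                </h5>
                <p>
                    Enable GitHub Advanced Security on your repositories to automatically detect the
                    security vulnerabilities demonstrated in this page's source code. GHAS will identify
                    issues like hardcoded credentials, vulnerable regex patterns, and potential log injection attacks.
                </p>
                <hr>
                <p class="mb-0">
                    Learn more about implementing a comprehensive DevSecOps strategy with
                    <a href="https://github.com/features/security" target="_blank" rel="noopener noreferrer">GitHub Advanced Security</a>.
                </p>
            </div>
        </div>
    </div>
</div>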
@section Scripts {
    <script>
        // Five seconds after the script runs, close every dismissible alert on the page
        // (this covers both the RegexResult and the RegexError banners).
        setTimeout(() => {
            for (const alertElement of document.querySelectorAll('.alert-dismissible')) {
                new bootstrap.Alert(alertElement).close();
            }
        }, 5000);
    </script>
}