• Laboratório DevSecOps em containers com:
  • Java Goof,
  • Sonar,
  • OWASP ZAP,
  • OWASP Juice Shop,
  • Hawkscan

• Docker
• Docker Compose

• Dentro da pasta clonada executar:
  • docker-compose up

• Docker
• Extension Pack for Java

-This is a collection of Java demo apps that are vulnerable in different ways.

It's divided into modules, each one having its own README:

• Todolist Goof
• Log4Shell Goof
• Quickstart for running both Todolist with Log4Shell in Kubernetes

• http://localhost:9000
• Usuário e senha inicial: admin
• Para entrar no shell do container java-goof execute:

  docker-compose exec java-goof bash

• http://localhost:3000

• http://localhost:8080/zap
• Referência:
  • https://www.zaproxy.org/docs/docker/webswing/
  • https://www.zaproxy.org/docs/docker/about/
  • https://www.zaproxy.org/getting-started/

• Passos para rodar:
  • descomentar o service hawkscan.
  • alterar o conteúdo do arquivo stackhawk.yml
  • alterar o valor do environment API_KEY no service hawkscan
• Referência:
  • https://www.stackhawk.com/