AI ASSISTANCE IS STRICTLY PROHIBITED FOR THIS EXERCISE
By participating in this course, you agree to:
- Complete all exercises using your own knowledge and skills
- NOT use AI assistants (GitHub Copilot, ChatGPT, Claude, Bard, etc.)
- NOT use AI-powered code completion or generation tools
- NOT share solutions with other students
- Conduct independent research using official documentation only
Violation of this policy may result in academic sanctions.
For detailed restrictions, see AI-AGENTS.md and LICENSE.txt.
This code is a copy of a tutorial from GitHub. It contains INTENTIONAL security findings, but none of them are active. This is for EDUCATIONAL purposes ONLY.
/!\ Note : for education purposes, you should NOT use the template workflow but only the manual setup. You have until the end of the course to finish the work and send it to benjamin.hilaire@amadeus.com.
- Create a workflow file
- EXIT : the workflow must PASS and echo the content of hello_world.txt
- Workflow code
- URL of the BUILD (https://github.com/...../actions/runs/12098085715)
- Screenshot of the ECHO in the build
- Create a new workflow file
- The workflow must build (npm run build) the application in 1 step and execute tests (npm test) in another
- EXIT : All workflow RUNS need to be passing
- Workflow code
- URL of the BUILD (https://github.com/...../actions/runs/12098085715)
- Screenshot of the TEST logs
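The workflow below is an added example, not a file from the original tutorial. It assumes a Node.js project with `build` and `test` scripts in package.json and a hello_world.txt at the repository root. It shows the shape both exercises ask for: a checkout, an echo step whose output lands in the run logs (exercise 1), and the build and the tests in separate steps so the logs show which one failed (exercise 2). Exercise 1 wants its own workflow file; the same skeleton with only the checkout and echo steps satisfies it.

```yaml
# .github/workflows/build-test.yml
# Added example for exercises 1 and 2 (not part of the original tutorial).
# Assumptions: the repo is a Node project with "build" and "test" scripts
# in package.json, and hello_world.txt sits at the repository root.
name: Build and test

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: the job only needs to read the repository, so the
# default write-capable GITHUB_TOKEN is narrowed to read-only.
permissions:
  contents: read

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Exercise 1: print the file so its content appears in the run logs
      - name: Echo hello_world.txt
        run: cat hello_world.txt

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm

      # npm ci installs exactly what package-lock.json pins, so the build
      # is reproducible and a lockfile that no longer matches package.json
      # fails here instead of silently pulling newer versions.
      - name: Install dependencies
        run: npm ci

      # Exercise 2: build and tests as two steps, so the step list and the
      # TEST logs screenshot come from the correct step
      - name: Build
        run: npm run build

      - name: Test
        run: npm test
```

Commit the file under `.github/workflows/`, push, and the run appears in the repository's Actions tab; the URL of that run and the step logs are the deliverables listed above.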
This exercise is NOT in the previous tutorial but is based on the previous exercise. The goal is to run an SCA, find vulnerabilities and fix them.
- Update the workflow from exercise 2
- The workflow must execute an SCA to find vulnerabilities in dependencies
- The code needs to be fixed to update (or remove) the vulnerable dependency. HINT : the update is minimal.
- EXIT : All workflow RUNS need to be passing
- Workflow code
- Screenshot of the SCA run
- URL of the BUILD (https://github.com/...../actions/runs/12098085715)
- SCA finding (dependency name and version)
- Fix proposal
This exercise is NOT in the previous tutorial but is based on the previous exercise. The goal is to run a SAST, find 2 critical vulnerabilities and fix them. HINT : for different reasons, you can use the tool BEARER and integrate it in the build workflow.
- Update or create a new workflow
- The workflow must execute a SAST to find issues in code
- The code needs to be fixed to remove the finding
- EXIT : All workflow RUNS need to be passing
- Workflow code
- Screenshot of the SAST critical findings
- URL of the BUILD (https://github.com/...../actions/runs/12098085715)
- SAST findings (files + lines + CWEs + small explanation about the risks)
- Expected format is WORD/PDF/Email with explanations
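As an added example for exercises 3 and 4 (not part of the original tutorial), the workflow below adds the two scanning gates on top of the build/test skeleton from exercise 2. The SCA gate is `npm audit`, which already knows the lockfile and fails the job while a dependency at or above the chosen severity is present; the SAST gate is the Bearer GitHub Action, which reports each finding with file, line and CWE, which is exactly what the exercise 4 report asks for. Assumptions: a Node project with package-lock.json, and the action name `bearer/bearer-action@v2` and its `severity` input, which are taken from the Bearer action's README and should be checked against the current version.

```yaml
# .github/workflows/security-scans.yml
# Added example for exercises 3 and 4 (not part of the original tutorial).
# Assumptions: Node project with a package-lock.json; the Bearer action
# name and its "severity" input come from the bearer/bearer-action README
# and should be verified against the current release.
name: Security scans

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read   # scanners only need to read the source tree

jobs:
  sca:
    name: SCA (dependency audit)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
      - run: npm ci
      # npm audit exits non-zero when a finding at or above the threshold
      # exists, so this job fails until the dependency is updated. The first
      # (failing) run gives the finding to report: dependency name, version
      # and advisory. Fix the dependency in package.json / the lockfile so
      # the step turns green; do not "fix" it by lowering the threshold.
      - name: Audit dependencies
        run: npm audit --audit-level=high

  sast:
    name: SAST (Bearer)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Bearer scans the source for security and data-flow rules and maps
      # each finding to a CWE. The action fails the job while findings at
      # the listed severities remain, so the code has to be fixed for the
      # EXIT condition (all runs passing) to hold.
      - name: Run Bearer
        uses: bearer/bearer-action@v2
        with:
          severity: critical,high   # assumption: input name per the action's README
```

Running the scans as jobs separate from build/test keeps each deliverable screenshot (SCA run, SAST critical findings) on its own job page, and lets the build keep producing logs even while a scan is red.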
- 4 exercises, 5 points each
- Max points are given ONLY if all results are present (read carefully)
- Explanation of success or failure is always welcome !
You may continue the tutorial (see SUPPORT.MD) and play with the workflow templates to learn more about CI/CD.
I recommend playing with the [OWASP Juice Shop](https://github.com/juice-shop/juice-shop): scan it and find nice vulnerabilities to train yourself.