Vulneratus is a deliberately vulnerable ASP.NET Core web application designed to demonstrate the features of GitHub Advanced Security (GHAS), including:
- Dependabot: Automated dependency vulnerability detection and remediation.
- CodeQL: Static code analysis to find security vulnerabilities in your codebase.
- Secret Scanning: Detection of plaintext secrets and credentials committed to your repository.
This project is intended for educational and demonstration purposes only. It contains known vulnerabilities and insecure coding practices to showcase how GHAS can help identify and remediate security issues in real-world projects.
- Insecure dependency (`Newtonsoft.Json` 12.0.1) to trigger Dependabot alerts
- Plaintext production database connection string in `appsettings.json` to trigger secret scanning
- Insecure login page vulnerable to SQL injection for CodeQL and security demo
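As an added illustration (not the Vulneratus source), this is the kind of string-built login query that CodeQL's C# SQL injection query (`cs/sql-injection`) flags, beside the parameterized form that fixes it; the `Users` table and its column names are assumptions.

```csharp
using Microsoft.Data.SqlClient;

// Illustrative only: not the Vulneratus code. Shows the pattern CodeQL reports as
// "SQL query built from user-controlled sources" next to the parameterized fix.
public static class LoginQueries
{
    // VULNERABLE: user input is concatenated into the SQL text, so a crafted
    // username or password can change the statement itself.
    public static bool LoginInsecure(SqlConnection conn, string username, string password)
    {
        var sql = "SELECT COUNT(*) FROM Users WHERE Username = '" + username +
                  "' AND Password = '" + password + "'";
        using var cmd = new SqlCommand(sql, conn);
        return (int)cmd.ExecuteScalar() > 0;
    }

    // HARDENED: the SQL text is a constant; input travels as typed parameters and
    // can never alter the statement's structure. (Comparing a stored hash rather
    // than a plaintext password is a separate fix, shown here for completeness.)
    public static bool LoginSecure(SqlConnection conn, string username, string passwordHash)
    {
        const string sql =
            "SELECT COUNT(*) FROM Users WHERE Username = @user AND PasswordHash = @hash";
        using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@user", System.Data.SqlDbType.NVarChar, 256).Value = username;
        cmd.Parameters.Add("@hash", System.Data.SqlDbType.NVarChar, 512).Value = passwordHash;
        return (int)cmd.ExecuteScalar() > 0;
    }
}
```

Running CodeQL over both methods should produce exactly one alert, on `LoginInsecure`, which is the result the demo is meant to show.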
- Clone this repository to your own GitHub account.
- Enable GitHub Advanced Security features (Dependabot, CodeQL, Secret Scanning) in your repository settings.
- Review the alerts and findings generated by GHAS.
Warning: Do not deploy this application in a production environment. It is intentionally insecure.
This project is for demonstration purposes and does not include a production license.