darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-10 07:12:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
a45e02d6e5b1c8da52dc03d2ab370ed7467312f8
notifications-api/docs/testing.md
stvnrlly a45e02d6e5 restructure readme & docs
2022-10-20 14:05:23 -04:00

690 B
Raw Blame History

Testing

# install dependencies, etc.
make bootstrap

make test

This will run:

  • flake8 for code styling
  • isort for import styling
  • pytest for the test suite

On GitHub, in addition to these tests, we run:

  • bandit for code security
  • pip-audit for dependency vulnerabilities
  • OWASP for dynamic scanning

CI testing

We're using GitHub Actions. See /.github for the configuration.

To run a local OWASP scan

  1. Run make run-flask from within the dev container.
  2. On your host machine run:
docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/_status -f openapi -c zap.conf
Reference in New Issue View Git Blame Copy Permalink