FEA403-FEA405 - Security testing pipeline and scan for known security vulnerabilities
Test Case ID | TC007 |
Test case designer | Eetu Hyyrynen |
Creation date | 15.04.2024 |
Classification | functional/Performance |
Origin | Feature |
Test description / objective
This test checks whether Tukko's backend and frontend have been scanned for vulnerabilities and whether our pipeline has automated security testing.
Pre-state
Tukko is running in the virtual machine and is accessible. The required applications have been installed.
Test Steps
Step | Verify | Some notes |
---|---|---|
1. | Go to our Tukko frontend | |
2. | Open the Vulnerability report in GitLab | |
3. | Look for vulnerabilities | |
End-State
The scan of Tukko's frontend in our pipeline has found some vulnerabilities.
Determination of test result (Pass / Fail Criteria)
- PASS condition: The scan has shown vulnerabilities
- FAIL condition: The frontend scan has not scanned anything