Help with Devsecops pipeline setup
I am a pentester. My manager had given me a task for cicd integration with checkmarx. I can understand the basic stuff but I am unable to come up with material for the following:
- How do manage secrets in the pipeline (someone suggested me aws kms)
- How to run authenticated scans (apps using okta) using pipeline
- Capturing traffic to run the scans on them.
I would appreciate if someone can help me in this scenario as my job depends on it.