Hello, I was wondering if the 5GASP testing/certification program has any security-related validations as part of the CI/CD pipeline for network applications?
Thank you.
 
      
5GASP has enabled an automated software security vulnerability scanning tool for 5G CNFs and VNFs in its CI/CD pipelining. The scanning can identify security issues in container images, virtual machine images, Kubernetes configurations, and AWS installations. It can find OS package & software dependencies, and known vulnerabilities (from CVE databases) in the OS packages and software dependencies. It can scan multiple app languages (e.g. Java, Python, C++, Rust) in developed apps and related open source libraries used within the apps. It can scan for Infrastructure as Code issues & misconfigurations, and scan for the exposure of sensitive information and secrets.
For more information about the security tool of 5GASP, please see our relevant GitHub repo: https://github.com/5gasp/SecurityScan