BDD-Security now available in Docker

 | BDD-Security, Continuum Blog, SecDevOps

BDD-Security is now easier to configure and launch from a Docker container.

Because BDD-Security stores most of its configuration inside a config file (config.xml), it was cumbersome to change the parameters when launching the Docker container.

To solve this we have now made it easier by allowing all of the config.xml attributes to be set via the command line, instead of in the file. This means you can create a docker container with the most commonly used settings configured in the config.xml file, and then change parameters for the test launch via the commandline.

Everything is explained in Github under: “Using config.xml and the command line”.

For those that don’t know, BDD-Security is an open source security testing framework that uses natural language Gherkin syntax to describe security requirements as features. Those same requirements are also executable as standard unit/integration tests which means they can run as part of the build/test/deploy process.

Features & benefits include:

  • Free and Open Source automated testing framework for security
  • Ready to run on a Continuous Integration Server , as part of the build/test/deploy process
  • Upgrade DevOps to SecDevOps
  • Generate reports, to be easily viewed and understood by business and security users
  • Tests are run dynamically against a deployed application, no need to access your source code

BDD-Security is written in Java and based on Cucumber, Selenium 2 (WebDriver), OWASP ZAP and a number of other security tools. This means that any automated testing can be performed, while describing the actions in a easily understandable format.

Why not try it out today!

Did you like this article?

  • Continuum Security Sponsors the Open Security Summit
    Continuum Security Sponsors the Open Security SummitWe’re delighted to announce we are Gold Sponsors of the upcoming Open Security Summit taking place near London on the 4th-8th June. The summit has a unique focus on active collaboration in attendee driven workshops, rather than a speaker driven conference. Here’s a little about the conference: The Open Security Summit 2018 is focused on […]READ MORE
  • Security workflows for DevOps teams with IriusRisk
    Security workflows for DevOps teams with IriusRiskThreat Modeling and defining security requirements is just step one on the journey to building a secure system. The threat model should really inform all downstream security activities, including implementation and testing. But all too often, the model is used only during design and then becomes less and less relevant as the project progresses. This […]READ MORE