Skip to content

feat(lab10): DefectDojo governance report + capstone walkthrough#1442

Open
prudenz1 wants to merge 1 commit into
inno-devops-labs:mainfrom
prudenz1:feature/lab10
Open

feat(lab10): DefectDojo governance report + capstone walkthrough#1442
prudenz1 wants to merge 1 commit into
inno-devops-labs:mainfrom
prudenz1:feature/lab10

Conversation

@prudenz1

@prudenz1 prudenz1 commented Jul 9, 2026

Copy link
Copy Markdown

Goal

Capstone: aggregate Labs 4–9 scan outputs in DefectDojo, apply SLA matrix, compute program metrics, and produce a 5-minute interview walkthrough.

Changes

  • submissions/lab10.md β€” DefectDojo setup, import table, dedup proof (CVE-2024-37890), governance report
  • submissions/lab10-walkthrough.md β€” timed 5-minute DevSecOps program script + Q&A

Testing

cd labs/lab10/work/dd && ./docker/setEnv.sh release && docker compose up -d
# Import scans via API (Grype, Trivy, Semgrep, Checkov, KICS)
python manage.py dedupe --dedupe_only --dedupe_sync

Observed: 379 raw findings β†’ 331 after dedup; CVE-2024-37890 merged across two Trivy imports (finding 210 canonical).

Artifacts

  • submissions/lab10.md
  • submissions/lab10-walkthrough.md

Checklist

  • Title is clear (feat(labN): <topic> style)
  • No secrets/large temp files committed
  • Submission file at submissions/labN.md exists

Lab 10 Progress

  • Task 1 β€” DefectDojo setup + imports + dedup proof
  • Task 2 β€” Governance report with MTTD/MTTR/SLA/backlog
  • Bonus β€” 5-minute walkthrough script with timed practice

Import Labs 4-9 scan outputs into DefectDojo, document dedup across
Trivy runs, apply SLA matrix, and produce program metrics + interview script.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant