Tutorials

The following workflows and tutorials are available.

• SAST code scans using Semgrep This tutorial shows how to scan a codebase using Semgrep, which can scan a wide variety of languages and includes a free version.

• Container image scans with Aqua Trivy This tutorial shows how to scan a container image using Aqua Trivy, a popular open-source scanning tool.

• DAST app scans using Zed Attack Proxy This tutorial shows how to scan an application instance using Zed Attack Proxy (ZAP), an open-source penetration tool for testing web applications.