This is an example repository for SecDim Sandbox – The Secure Code Learning Wargame. See the sample output in the screenshots below.
This repository contains a simple web application with a few security vulnerabilities. The sandbox-example.yml file contains a GitHub Action workflow that will demonstrate the SecDim Sandbox working. On a push to the master branch, or a pull request, a Docker container will be built and run in the GitHub Action workflow. The container will run Semgrep to analyse the security vulnerabilities of the application. This is uploaded the the repository.
The SecDim Sandbox will then parse the Semgrep results SARIF file and output a SARIF file which will be uploaded to the repository. This SARIF file will contain a link to the relevant security vulnerability to explore and debug. The results of both SecDim Sandbox and Semgrep will be available to view in the GitHub repository’s Security tab.
Feel free to clone the repository and try it out for yourself.