
Commit e8273a2

CopilotCalinL
andcommitted
feat: Add DevSecOps-10309 demo page with GHAS vulnerabilities and update packages
Co-authored-by: CalinL <10718943+CalinL@users.noreply.github.com>
1 parent 3f15da6 commit e8273a2

4 files changed

Lines changed: 481 additions & 1 deletion


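--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,274 @@
+@page
+@model DevSecOps_10309Model
+@{
+ViewData["Title"] = "DevSecOps Demo 10309 - GitHub Advanced Security";
+}
+
+<div class="container">
+<div class="row">
+<div class="col-12">
+<h1 class="display-4 text-primary">@ViewData["Title"]</h1>
+<p class="lead">Exploring the latest in GitHub Advanced Security and DevSecOps practices</p>
+<hr />
+</div>
+</div>
+
+<!-- Alert for TempData messages -->
+@if (TempData["RegexResult"] != null)
+{
+<div class="alert alert-info alert-dismissible fade show" role="alert">
+@TempData["RegexResult"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+@if (TempData["RegexError"] != null)
+{
+<div class="alert alert-danger alert-dismissible fade show" role="alert">
+@TempData["RegexError"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+@if (TempData["SqlResult"] != null)
+{
+<div class="alert alert-success alert-dismissible fade show" role="alert">
+@TempData["SqlResult"]
+<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+</div>
+}
+
+<div class="row">
+<!-- Latest GHAS News Section -->
+<div class="col-lg-8">
+<div class="card mb-4">
+<div class="card-header bg-dark text-white">
+<h3 class="card-title mb-0">
+<i class="bi bi-newspaper"></i> Latest GitHub Advanced Security News - 2026
+</h3>
+</div>
+<div class="card-body">
+@if (Model.LatestNews.Any())
+{
+<div class="list-group list-group-flush">
+@foreach (var newsItem in Model.LatestNews)
+{
+<div class="list-group-item d-flex align-items-start">
+<span class="badge bg-success rounded-pill me-3 mt-1">NEW</span>
+<div>
+<p class="mb-1">@newsItem</p>
+<small class="text-muted">Updated: @DateTime.Now.ToString("MMM dd, yyyy")</small>
+</div>
+</div>
+}
+</div>
+}
+else
+{
+<p class="text-muted">No news available at this time.</p>
+}
+</div>
+</div>
+
+<!-- GHAS Features Deep Dive -->
+<div class="card mb-4">
+<div class="card-header bg-primary text-white">
+<h3 class="card-title mb-0">GitHub Advanced Security Features</h3>
+</div>
+<div class="card-body">
+<div class="row">
+<div class="col-md-6">
+<h5><i class="bi bi-shield-check"></i> Code Scanning with CodeQL</h5>
+<p>Advanced semantic code analysis detecting vulnerabilities including SQL injection, XSS, and insecure deserialization.</p>
+
+<h5><i class="bi bi-key-fill"></i> Secret Scanning</h5>
+<p>Automated detection of exposed credentials across 200+ service providers with push protection.</p>
+
+<h5><i class="bi bi-box-seam"></i> Supply Chain Security</h5>
+<p>Dependency scanning with Dependabot alerts and automated security updates.</p>
+</div>
+<div class="col-md-6">
+<h5><i class="bi bi-graph-up-arrow"></i> Security Overview Dashboard</h5>
+<p>Organization-wide visibility into security posture with compliance reporting.</p>
+
+<h5><i class="bi bi-git"></i> Advanced Security APIs</h5>
+<p>Programmatic access to security data for custom integrations and workflows.</p>
+
+<h5><i class="bi bi-robot"></i> AI-Powered Security</h5>
+<p>GitHub Copilot for Security provides intelligent remediation suggestions.</p>
+</div>
+</div>
+</div>
+</div>
+
+<!-- New in 2026 Section -->
+<div class="card mb-4">
+<div class="card-header bg-success text-white">
+<h3 class="card-title mb-0">
+<i class="bi bi-stars"></i> What's New in 2026
+</h3>
+</div>
+<div class="card-body">
+<ul class="list-group list-group-flush">
+<li class="list-group-item">
+<strong>Enhanced CodeQL Analysis:</strong> Support for 15+ new programming languages
+</li>
+<li class="list-group-item">
+<strong>Real-time Security Monitoring:</strong> Instant alerts for new vulnerabilities
+</li>
+<li class="list-group-item">
+<strong>Advanced AI Remediation:</strong> Automated vulnerability fixes powered by GitHub Copilot
+</li>
+<li class="list-group-item">
+<strong>Container Security:</strong> Deep scanning of Docker images and Kubernetes manifests
+</li>
+<li class="list-group-item">
+<strong>Compliance Automation:</strong> Built-in SOC2, ISO 27001, and GDPR compliance tracking
+</li>
+</ul>
+</div>
+</div>
+</div>
+
+<!-- Sidebar with Demo Tools -->
+<div class="col-lg-4">
+<!-- Security Demo Section -->
+<div class="card mb-4 border-warning">
+<div class="card-header bg-warning text-dark">
+<h4 class="card-title mb-0">
+<i class="bi bi-exclamation-triangle-fill"></i> Security Demo
+</h4>
+</div>
+<div class="card-body">
+<p class="text-danger small fw-bold">
+⚠️ WARNING: This page contains intentionally vulnerable code for GHAS demonstration purposes.
+</p>
+<p class="text-muted small">
+These vulnerabilities should be detected by GitHub Advanced Security code scanning.
+</p>
+
+<!-- Regex Testing Form -->
+<form method="post" asp-page-handler="TestRegex" class="mt-3">
+<div class="mb-3">
+<label for="pattern" class="form-label fw-bold">ReDoS Test:</label>
+<input type="text" class="form-control" id="pattern" name="pattern"
+placeholder="Enter pattern (e.g., aaaaaaa)" value="aaa">
+<div class="form-text">
+<i class="bi bi-bug-fill text-danger"></i> Uses vulnerable regex pattern susceptible to ReDoS
+</div>
+</div>
+<button type="submit" class="btn btn-warning btn-sm w-100">
+<i class="bi bi-play-fill"></i> Test Regex Pattern
+</button>
+</form>
+
+<hr />
+
+<!-- SQL Injection Demo -->
+<form method="post" asp-page-handler="TestSQL" class="mt-3">
+<div class="mb-3">
+<label for="userId" class="form-label fw-bold">SQL Injection Test:</label>
+<input type="text" class="form-control" id="userId" name="userId"
+placeholder="Enter user ID" value="1">
+<div class="form-text">
+<i class="bi bi-bug-fill text-danger"></i> Uses string concatenation in SQL query
+</div>
+</div>
+<button type="submit" class="btn btn-danger btn-sm w-100">
+<i class="bi bi-database"></i> Execute Query
+</button>
+</form>
+</div>
+</div>
+
+<!-- Statistics Card -->
+<div class="card mb-4">
+<div class="card-header bg-info text-white">
+<h4 class="card-title mb-0">
+<i class="bi bi-bar-chart-fill"></i> GHAS Statistics
+</h4>
+</div>
+<div class="card-body">
+<dl class="row mb-0">
+<dt class="col-sm-8">Organizations Using GHAS:</dt>
+<dd class="col-sm-4 text-end fw-bold">50,000+</dd>
+
+<dt class="col-sm-8">Vulnerabilities Detected:</dt>
+<dd class="col-sm-4 text-end fw-bold">10M+</dd>
+
+<dt class="col-sm-8">Secret Patterns Supported:</dt>
+<dd class="col-sm-4 text-end fw-bold">200+</dd>
+
+<dt class="col-sm-8">Languages Supported:</dt>
+<dd class="col-sm-4 text-end fw-bold">25+</dd>
+</dl>
+</div>
+</div>
+
+<!-- Quick Links -->
+<div class="card">
+<div class="card-header bg-secondary text-white">
+<h4 class="card-title mb-0">
+<i class="bi bi-link-45deg"></i> Resources
+</h4>
+</div>
+<div class="card-body">
+<div class="d-grid gap-2">
+<a href="https://docs.github.com/en/code-security" class="btn btn-outline-primary btn-sm" target="_blank">
+<i class="bi bi-book"></i> GHAS Documentation
+</a>
+<a href="https://github.blog/category/security/" class="btn btn-outline-secondary btn-sm" target="_blank">
+<i class="bi bi-newspaper"></i> Security Blog
+</a>
+<a href="https://github.com/github/codeql" class="btn btn-outline-success btn-sm" target="_blank">
+<i class="bi bi-github"></i> CodeQL Repository
+</a>
+<a href="https://github.com/security" class="btn btn-outline-warning btn-sm" target="_blank">
+<i class="bi bi-shield-lock"></i> GitHub Security
+</a>
+</div>
+</div>
+</div>
+</div>
+</div>
+
+<!-- Footer Section -->
+<div class="row mt-5">
+<div class="col-12">
+<div class="alert alert-light border" role="alert">
+<h5 class="alert-heading">
+<i class="bi bi-lightbulb-fill text-warning"></i> Pro Tip for Developers
+</h5>
+<p>
+This demonstration page intentionally includes common security vulnerabilities such as:
+</p>
+<ul>
+<li>Log forging vulnerabilities</li>
+<li>Regular Expression Denial of Service (ReDoS) patterns</li>
+<li>Hardcoded credentials</li>
+<li>SQL injection vulnerabilities</li>
+<li>Insecure deserialization</li>
+</ul>
+<hr>
+<p class="mb-0">
+<strong>Enable GitHub Advanced Security</strong> on your repositories to automatically detect these
+issues before they reach production. Learn more at
+<a href="https://github.com/features/security" target="_blank">github.com/features/security</a>.
+</p>
+</div>
+</div>
+</div>
+</div>
+
+@section Scripts {
+<script>
+// Auto-dismiss alerts after 5 seconds
+setTimeout(function() {
+const alerts = document.querySelectorAll('.alert-dismissible');
+alerts.forEach(alert => {
+const bsAlert = new bootstrap.Alert(alert);
+bsAlert.close();
+});
+}, 5000);
+</script>
+}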
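Review bot: The four anchors in the Resources card (new-file lines 217–226) and the footer link on line 256 use `target="_blank"` without a `rel` attribute; adding `rel="noopener noreferrer"`, e.g. `<a href="https://docs.github.com/en/code-security" class="btn btn-outline-primary btn-sm" target="_blank" rel="noopener noreferrer">`, severs the opener-window reference and is the form most scanners and accessibility linters expect. The `@TempData["RegexResult"]`, `@TempData["RegexError"]`, `@TempData["SqlResult"]` and `@newsItem` expressions go through Razor's default HTML encoding, so these alerts are safe to render as written; a one-line comment above the alert block such as `@* Rendered via Razor's default encoder — do not switch to Html.Raw, these values echo user input from the demo handlers *@` would protect that property. The `TestRegex` and `TestSQL` handlers the two forms post to live in `DevSecOps_10309Model`, which is not part of this file, so the intentionally vulnerable code the page advertises cannot be reviewed here, and nothing in the view indicates the route is restricted to a demo environment. `@DateTime.Now.ToString("MMM dd, yyyy")` on line 60 depends on the server's local clock and current culture; `DateTime.UtcNow.ToString("MMM dd, yyyy", CultureInfo.InvariantCulture)` would make the "Updated" stamp deterministic across hosts.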
