Base solution for your next web application
Open Closed

Inquiry Regarding Container Security Scans for ASP Zero-based Solutions Using Trivy #12157


User avatar
0
pliaspzero created

Dear ASP Zero Support Team,

We are currently utilizing the ASP Zero framework Angular & ASP.NET CORE (currently version 12.0) . As part of this project, we need to deliver our solution in containers. Specifically, we have two containers (or is it just 1 ? Can we deploy in container only in one image?): one containing the Angular application and the other likely containing the ASP.NET Core component.

Our client has recommended using Trivy for pre-deployment security scans to check for malware and other security vulnerabilities. We would like to know if you have any recommendations or best practices for performing such security scans on solutions based on ASP Zero. Additionally, have you conducted similar scans on your codebase, and if so, could you share your general approach or any relevant documentation?

Your guidance on this matter would be greatly appreciated.

Thank you for your support.

Best regards,


1 Answer(s)
  • User Avatar
    0
    m.aliozkaya created
    Support Team

    Hi @pliaspzero,

    You need two containers. One for Angular and one for the Aspnetcore backend. You can check docker document here. https://docs.aspnetzero.com/aspnet-core-angular/latest/Deployment-Angular-Docker

    We are using OWASP ZAP for security tests. https://docs.aspnetzero.com/aspnet-core-mvc/latest/Security-Test-Core