feat(lab1): triage report + PR template #1037

Open
ashuno wants to merge 2 commits into inno-devops-labs:main from ashuno:feature/lab1

ashuno commented Jun 12, 2026

Pull Request

Goal

Deploy OWASP Juice Shop locally, complete security triage report, add PR template, and perform GitHub community engagement for Lab 1.

Changes

  • submissions/lab1.md - Juice Shop deployment details, health checks, security headers analysis, and OWASP Top 10 risk assessment
  • .github/PULL_REQUEST_TEMPLATE.md - Standardized PR template with Goal, Changes, Testing, Artifacts sections and checklist for future laboratory work

Testing

```bash
# Verify container is running
docker ps --filter "name=juice-shop"

# Health check - HTTP status code
curl -I http://127.0.0.1:3000

# API endpoint test (first 200 chars)
curl http://127.0.0.1:3000/api/Products | head -c 200

# Security headers verification
curl -I http://127.0.0.1:3000 2>&1 | head -20

# Observed output: HTTP 200 OK, container uptime 43+ minutes, API returns product data, missing CSP and HSTS security headers.
```

Artifacts & Screenshots

Deployment: OWASP Juice Shop running on http://127.0.0.1:3000/

Triage report: Documents exposed API without rate limiting, missing security headers (CSP, HSTS), and lack of MFA

PR template: .github/PULL_REQUEST_TEMPLATE.md with 4 sections + checklist

Checklist

  • Title is clear (feat(lab1): triage report + PR template)
  • No secrets/large temp files committed
  • Submission file at submissions/lab1.md exists
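
An added example, not part of the PR or the lab repository: the manual `curl -I ... | head -20` inspection from the Testing section turned into a repeatable check that lists which expected headers are absent. The sample response is constructed, and the function names and the header list are assumptions.

```shell
#!/bin/sh
# Added example: report which expected security headers are absent from a
# `curl -I` style response read on stdin. The header list passed in is an
# assumption; the PR itself only names CSP and HSTS.

missing_headers() {
    # Arguments: header names to require. Response headers arrive on stdin.
    # Strip CR (HTTP uses CRLF) and lowercase, since header names are
    # case-insensitive.
    resp=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    missing=""
    for name in "$@"; do
        lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        # A header is present only if "name:" starts a line; a mention of
        # the name inside another header's value does not count.
        if ! printf '%s\n' "$resp" | grep -q "^${lname}:"; then
            missing="${missing:+$missing }$name"
        fi
    done
    printf '%s' "$missing"
}

# Constructed sample response (not captured from a real Juice Shop instance).
SAMPLE_RESPONSE='HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
'

check_sample() {
    printf '%s' "$SAMPLE_RESPONSE" | missing_headers \
        Content-Security-Policy Strict-Transport-Security X-Content-Type-Options
}

echo "missing in sample: $(check_sample)"

# Against the lab deployment the same function would be fed live headers:
#   curl -sI http://127.0.0.1:3000 | missing_headers \
#       Content-Security-Policy Strict-Transport-Security
```

Browsers ignore `Strict-Transport-Security` when it arrives over plain HTTP, so on the `http://127.0.0.1:3000` lab URL an HSTS finding only becomes meaningful once the application is served over TLS.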
