
GRAS - Global Risk Assessment Services
You will be writing YAML, configuring tools, and committing code:

• SAST (Static Application Security Testing)
  • Integrate SonarQube into GitHub Actions for code quality and security scanning
  • Configure quality gates and security rules for Python, R, and PHP codebases
  • Set up branch analysis and PR decoration

• Dependency Scanning & SCA
  • Implement Snyk for dependency vulnerability scanning in CI pipelines
  • Configure Snyk for Python, R, and PHP projects
  • Set up automated fix PRs and vulnerability tracking
  • Integrate Snyk with GitHub for continuous monitoring

• Container Image Security
  • Configure AWS ECR Enhanced Scanning for container images
  • Set up ECR scan-on-push and route findings to Security Hub
  • Create Dockerfile security best practices and base image guidelines

• Secret Scanning & Management
  • Configure GitHub secret scanning and push protection
  • Implement pre-commit hooks
  • Set up AWS Secrets Manager integration patterns for applications

• Security Gates & Pipeline Governance
  • Create security gates that block deployments on critical/high findings
  • Configure severity thresholds and exception workflows
  • Document all configurations as ISO 27001 audit evidence