CSP Testing in CI/CD Pipelines
Integrating CSP testing into the continuous integration pipeline ensures that policies remain effective as the application changes:
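# .github/workflows/csp-testing.yml
#
# Builds the application, runs the CSP test suite against a local test server,
# publishes the generated csp-report.json as an artifact, and fails the job
# when the report's score is below CSP_MIN_SCORE.
name: CSP Security Testing

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

# Least privilege: nothing here writes to the repository, so the default
# GITHUB_TOKEN scope is reduced to read-only. Artifact upload needs no extra
# scope.
permissions:
  contents: read

env:
  # Minimum acceptable value of `score` in csp-report.json. Kept as a string
  # (env values are strings); the shell check below compares it numerically.
  CSP_MIN_SCORE: "80"

jobs:
  csp-test:
    runs-on: ubuntu-latest
    # Bounds the job so a test server that never comes up cannot hold the
    # runner indefinitely.
    timeout-minutes: 15
    steps:
      # NOTE(review): for supply-chain hygiene, pin third-party actions to a
      # full commit SHA (e.g. actions/checkout@<full-commit-sha>) rather than a
      # mutable major-version tag; the tags below are kept for readability.
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '16'

      - name: Install dependencies
        # `npm ci` installs exactly what package-lock.json records.
        run: npm ci

      - name: Build application
        run: npm run build

      - name: Start test server
        # NOTE(review): a fixed sleep is a race with server start-up. If
        # `start:test` exposes a health URL, poll it until it answers
        # (e.g. `until curl -sf <health-url>; do sleep 1; done`) instead.
        run: |
          npm run start:test &
          sleep 5

      - name: Run CSP tests
        run: npm run test:csp

      - name: Analyze CSP coverage
        run: |
          node scripts/analyze-csp.js > csp-report.json

      - name: Upload CSP report
        uses: actions/upload-artifact@v4
        with:
          name: csp-report
          path: csp-report.json

      - name: Check CSP compliance
        run: |
          score=$(node -e "console.log(require('./csp-report.json').score)")
          # A missing or non-numeric score (e.g. "undefined") must fail
          # explicitly; an unquoted `[ $score -lt 80 ]` would instead abort
          # with a confusing shell error or, if empty, a syntax error.
          case "$score" in
            ''|*[!0-9]*)
              echo "csp-report.json has no numeric score (got: '$score')"
              exit 1
              ;;
          esac
          if [ "$score" -lt "$CSP_MIN_SCORE" ]; then
            echo "CSP score too low: $score"
            echo "Minimum required: $CSP_MIN_SCORE"
            exit 1
          fi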