A DfE Service Manual and its content is intended for internal use by the DfE service community.

Security assurance

OWASP security tests are run against the staging service environment through a manually triggered CI process. Each run uses the Zapscan Docker container spider to run a full scan of the UI and an API scan of the endpoints detailed in the service's Swagger documentation.
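
A sketch of what such a CI step could look like, added here as an example and not taken from the service's own pipeline. It assumes the official ZAP image and its packaged `zap-full-scan.py` and `zap-api-scan.py` scripts stand in for the Zapscan container; the URLs, the `RUN_ZAP_SCANS` and `FAIL_ON_WARN` switches and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: CI wrapper for the two ZAP scans. Names and URLs are assumptions.
ZAP_IMAGE="ghcr.io/zaproxy/zaproxy:stable"       # assumption: official ZAP image
STAGING_URL="https://staging.example.invalid"    # placeholder staging UI
OPENAPI_URL="$STAGING_URL/swagger/v1/swagger.json"  # placeholder Swagger document
REPORT_DIR="${REPORT_DIR:-$PWD}"                 # reports land here via /zap/wrk

# Run one packaged scan: "full" spiders and actively scans the UI,
# "api" imports the OpenAPI definition and scans the listed endpoints.
# Set DOCKER=echo for a dry run that only prints the command.
run_zap() {
  kind="$1"
  case "$kind" in
    full) set -- zap-full-scan.py -t "$STAGING_URL" ;;
    api)  set -- zap-api-scan.py -t "$OPENAPI_URL" -f openapi ;;
    *)    echo "unknown scan kind: $kind" >&2; return 64 ;;
  esac
  ${DOCKER:-docker} run --rm -v "$REPORT_DIR:/zap/wrk/:rw" "$ZAP_IMAGE" \
    "$@" -J "zap-$kind.json" -r "zap-$kind.html"
}

# Packaged scans exit 0 (clean), 1 (at least one FAIL), 2 (WARN only), 3 (other failure).
# Anything unrecognised counts as an error so a scan that never ran cannot pass.
zap_verdict() {
  case "$1" in
    0) echo pass ;;
    1) echo fail ;;
    2) if [ "${FAIL_ON_WARN:-0}" = 1 ]; then echo fail; else echo warn; fi ;;
    *) echo error ;;
  esac
}

# Run both scans even if the first one fails, then gate the job on the worst result.
scan_and_gate() {
  worst=0
  for scan in full api; do
    rc=0
    run_zap "$scan" || rc=$?
    verdict=$(zap_verdict "$rc")
    echo "zap $scan scan: exit=$rc verdict=$verdict"
    case "$verdict" in fail|error) worst=1 ;; esac
  done
  return "$worst"
}

# Only start real scans when the (manually triggered) job asks for it.
if [ "${RUN_ZAP_SCANS:-0}" = 1 ]; then scan_and_gate; fi
```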