Merge pull request #105 from f5devcentral/matt-aug24

fist push lab Oct24
f5devcentral · Oct 1, 2024 · 75fdc51 · 75fdc51
2 parents 3a062ab + 4b642f0
commit 75fdc51
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 1 deletion.
diff --git a/docs/class4/module2/.DS_Store b/docs/class4/module2/.DS_Store
diff --git a/docs/class4/module2/lab1.5/lab1.5.rst b/docs/class4/module2/lab1.5/lab1.5.rst
@@ -1,3 +1,24 @@
 Enable API code scanning discovery (under construction)
 =======================================================
 
+F5 Solutions can protect API during the full API Develoment Lifecycle. It means F5 can detect and learn API endpoints when developers push the code into the repository.
+This is call **API Code Scanning Discovery**
+
+The sentence application source code is available into our public Github repository : https://github.com/MattDierick/sentence-source-code
+
+Enable Code Base Integration
+----------------------------
+
+* Goto Web App & API Protection > API Management > Code Base Ingration
+* Add a new code base integration profile
+
+  * Name: github-sentence
+  * Code base: Github Integration
+  * Github Name: f5xclab
+  * GitHub Personal Access Token: paste and blindfold below Token
+
+  .. code-block:: bash
+    
+    sdlkjflksdjglkdfshglkjdflgjldksfgjlksd
+
+
diff --git a/docs/class4/module2/lab3/lab3.rst b/docs/class4/module2/lab3/lab3.rst
@@ -1,7 +1,7 @@
 API Discovery outcomes
 ======================
 
-.. note:: The "discovery" scheduler runs on a random interval within a two hours time window and therefore it can take up to 2 hours (maximum) to see all results in the Dashboard for the "API Discovery outcomes" lab section. You can also continue with the next lab "Advanced Protection - "JWT validation and access control" (module 3) and continue here later.
+.. note:: The "traffic discovery" scheduler runs on a random interval within a two hours time window and therefore it can take up to 2 hours (maximum) to see all results in the Dashboard for the "API Discovery outcomes" lab section. You can also continue with the next lab "Advanced Protection - "JWT validation and access control" (module 3) and continue here later.
 
 Endpoint Discovery
 ------------------

diff --git a/docs/class4/module2/module2.rst b/docs/class4/module2/module2.rst
@@ -3,6 +3,11 @@ Dynamic API Protection
 
 In this section, we will protect the same modern application with F5 Distributed Cloud, but we will enable the **dynamic** protection where SecOps apply the API Discovery and Validation.
 
+API Discovery relies on 3 different engines in order to protect API during the full API Development Lifecycle
+
+* Code Base API discovery: we detect API endpoints from the code
+* Crawler API Discovery (future release): we detect API endpoints from a crawler scanning all API endpoints
+* Traffic API Discovery: we detect API endpoints from user traffic
 
 **Module 2 - All sections**
 

diff --git a/docs/class4/module2/pictures/code-based-repo.png b/docs/class4/module2/pictures/code-based-repo.png