
DevSecOps for DataHub and find-moj-data #32

Closed
tom-webber opened this issue Apr 22, 2024 · 3 comments · Fixed by #128 or #139
Labels
production-ready Non-functional things

Comments

@tom-webber
Contributor

tom-webber commented Apr 22, 2024

We should be aware of any security vulnerabilities that have been raised for DataHub (see the Security tab on the GitHub page).

We should especially be alerted when a vulnerability is raised that applies to any of our deployed DataHub versions.

Scans to look into:

  • software composition analysis (SCA)
  • static application security testing (SAST)
  • dynamic application security testing (DAST)
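One way to act on the second point (alerting only when an advisory covers a version we actually run), as an added example that is not part of this issue or the find-moj-data repository: it assumes advisories arrive in the GitHub advisory `vulnerable_version_range` syntax (`">= 0.10.0, < 0.13.1"`, comma meaning AND) and uses a constructed, placeholder list of advisories and deployments.

```python
import operator
import re

# GitHub advisory ranges look like ">= 0.10.0, < 0.13.1" (comma = AND).
_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
        "<": operator.lt, "=": operator.eq}
_CLAUSE = re.compile(r"\s*(>=|<=|>|<|=)\s*(\S+)\s*")


def parse_version(text: str) -> tuple:
    """'v0.13.1' -> (0, 13, 1); missing components are padded with 0."""
    nums = [int(n) for n in re.findall(r"\d+", text.lstrip("v"))][:3]
    nums += [0] * (3 - len(nums))
    return tuple(nums)


def in_range(version: str, range_spec: str) -> bool:
    """True if `version` satisfies every comma-separated clause of the range."""
    ver = parse_version(version)
    for clause in range_spec.split(","):
        m = _CLAUSE.fullmatch(clause)
        if m is None:
            raise ValueError(f"unrecognised range clause: {clause!r}")
        if not _OPS[m.group(1)](ver, parse_version(m.group(2))):
            return False
    return True


def affected_deployments(advisories, deployed):
    """Return [(ghsa_id, deployment, version)] for each deployed version an
    advisory marks as vulnerable; an empty list means nothing to alert on."""
    hits = []
    for adv in advisories:
        for name, version in deployed.items():
            if in_range(version, adv["vulnerable_version_range"]):
                hits.append((adv["ghsa_id"], name, version))
    return hits


# Constructed sample data: placeholder advisory IDs, not real DataHub advisories.
ADVISORIES = [
    {"ghsa_id": "GHSA-xxxx-xxxx-0001", "vulnerable_version_range": ">= 0.10.0, < 0.13.1"},
    {"ghsa_id": "GHSA-xxxx-xxxx-0002", "vulnerable_version_range": "< 0.11.0"},
]
DEPLOYED = {"dev": "v0.13.1", "preprod": "v0.12.0", "prod": "v0.10.5"}

if __name__ == "__main__":
    for ghsa, env, ver in affected_deployments(ADVISORIES, DEPLOYED):
        print(f"ALERT {ghsa}: {env} runs {ver}")
```

Feeding the returned list to the Slack notification step means the channel only sees advisories that hit a deployed version, rather than every advisory published for the project.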
@jemnery jemnery added the production-ready Non-functional things label Apr 25, 2024
@tom-webber tom-webber self-assigned this May 21, 2024
@tom-webber tom-webber moved this from Todo to In Progress in Data Catalogue May 21, 2024
@MatMoore
Contributor

This looks like a useful integration https://github.com/kunalnagarco/action-cve

@tom-webber
Contributor Author

tom-webber commented May 23, 2024

Added action-cve to find-moj-data.

Dependabot isn't capable of detecting helm chart version changes, so another solution will be needed (e.g. renovate) for monitoring changes with DataHub helm charts in the data-catalogue repo.

We will also want to subscribe to new vulnerabilities reported on the DataHub repo.

@tom-webber tom-webber changed the title DevSecOps for DataHub DevSecOps for DataHub and find-moj-data May 23, 2024
@tom-webber tom-webber linked a pull request May 29, 2024 that will close this issue
@github-project-automation github-project-automation bot moved this from In Progress to Done in Data Catalogue May 31, 2024
@tom-webber tom-webber reopened this May 31, 2024
@tom-webber tom-webber moved this from Done to In Progress in Data Catalogue May 31, 2024
@tom-webber
Contributor Author

Created a workflow to post DataHub security advisories published on GitHub to the alerts Slack channel.

Attempted to repackage deployment into a helm chart to allow use of a workflow action to track helm chart versions as they are released, and automatically raise pull requests. This was unsuccessful due to limitations with dictating helm chart installation order.

Have settled for subscribing the alerts Slack channel to releases from the DataHub helm repository, and manual updates.

@tom-webber tom-webber linked a pull request Jun 4, 2024 that will close this issue
@tom-webber tom-webber moved this from In Progress to Review in Data Catalogue Jun 4, 2024
@github-project-automation github-project-automation bot moved this from Review to Done in Data Catalogue Jun 4, 2024
Status: Done ✅
3 participants