matts
We want to ensure all workloads are scanned for security issues before reaching the Azure infrastructure. DoD: - [ ] Look into getting access to Fortify and other existing security...
We want to ensure all workloads are scanned for security issues before reaching the Azure infrastructure. DoD: - [ ] Documentation of gaps in security scanning - [ ] Documentation...
After merging the GHAs imported from Josiah's repo to `master`, we will need to change all references to the remote actions and migrate to our local versions of them. DOD:...
Create a usable PoC of a 508 compliance scanner applicable to CI and corresponding workflow boilerplate code.
Identify all instances of container builds and deployments in GH workflows and document their locations, workload type (frontend, backend, etc.), workflow file and line number.
This is the continuation of importing Josiah's actions into our repo. In this iteration, we need to test them without affecting existing workflows. Tasks: - [ ] create test workflows...
We want to make alerting less burdensome. This work item is to figure out and document ways to: - [ ] filter out the noise - [ ] add context...
```
./workflows/scan_action_logs.yml: uses: josiahsiegel/runleaks@4dd30d107c03b6ade87978e10c94a77015e488f9
./workflows/alert_terraform_changes.yml: uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2
./workflows/deploy_terraform.yml: uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2
./actions/vpn-azure/action.yml: - uses: josiahsiegel/action-connect-ovpn@794339aff94452216c97f609476c367a43a31295
```
[runleaks](https://github.com/JosiahSiegel/runleaks/tree/4dd30d107c03b6ade87978e10c94a77015e488f9) (v1.3) -> 4dd30d107c03b6ade87978e10c94a77015e488f9
Provide guidance on prioritization of Dependabot PRs. DoD: Formal documentation of prioritization of PRs from Dependabot