Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:

Story Points:
3
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
tech debt catchall/intake

Sprint:
MCO Sprint 248, MCO Sprint 249, MCO Sprint 250
Cost of Delay:
0
WSJF:
0.0

SFDC Cases Links:
SFDC Cases Counter:

Description

As an OpenShift developer, I want to know that my code is as secure as possible by running static analysis on each PR.

Periodically, scans are performed on all OpenShift repositories and the container images produced by those repositories. These scans usually result in numerous OCP bugs being opened into our queue (see linked bugs as an example), putting us in a more reactive state. Instead, we can perform these scans on each PR by following these instructions https://docs.ci.openshift.org/docs/how-tos/add-security-scanning/ to add this to our OpenShift CI configurations.

Done When:

A PR to the openshift/release repository is merged which enables this configuration in a non-gating capacity.
All MCO team members are onboarded into the Snyk scan dashboard.
A preliminary scan report is produced which highlights areas for improvement.

Attachments

Issue Links

is depended on by

MCO-999 Enable blocking SAST scans in OpenShift CI

To Do

links to

openshift/machine-config-operator#4197: MCO-998: sets up MCO repository for Snyk CI scans

openshift/microshift#3060: NO-ISSUE: rebase-main-4.16.0-0.nightly-2024-02-22-180402_amd64-2024-02-22_arm64-2024-02-22

openshift/release#47445: MCO-998: enable synk scans for MCO

Activity

People

Assignee:: Zack Zlotnik

Reporter:: Zack Zlotnik

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024/01/11 3:04 PM

Updated:: 2024/02/27 6:00 PM

Resolved:: 2024/02/27 6:00 PM