XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Pipelines as Code
Labels:

Epic Link:
SRVKP-7753
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Story (Required)

This story captures the identification and resolution of issues found during the review of the countermeasures, ensuring that all necessary improvements are implemented to strengthen OpenShift Pipelines’ security.

Background (Required)

https://issues.redhat.com/browse/SRVKP-4185

Out of scope

<Defines what is not included in this story>

Approach (Required)

<Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

Dependencies

<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

Acceptance Criteria (Mandatory)

Ensure appropriate gosec validation with required include/exclude rules are added as github workflow action (https://github.com/securego/gosec?tab=readme-ov-file#github-action).
The gosec assessment is based on main branch of each assessed repository. The same has to evaluated/cherry-picked to the branches that include supported version of code.
Adopt OpenSSF scorecard and OpenSSF best practices and indicate the status in README. Sample from https://github.com/ossf/scorecard.git :
Address the reported findings specific to the component:

Assessment outcome for T60(https://issues.redhat.com/browse/SRVKP-4378) - https://docs.google.com/spreadsheets/d/1_VouLO0o8l-i1asenzqu9m20hOIhVqPerW0wkhM6-Gc/edit?usp=sharing
Assessment outcome for T281(https://issues.redhat.com/browse/SRVKP-6542) - https://docs.google.com/document/d/1uvUW68G_t0rhvvtT2DU5R_05mcvESdhv3Vb0ya8vv7U/edit?usp=sharing

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

Code is completed, reviewed, documented and checked in
Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
Continuous Delivery pipeline(s) is able to proceed with new code included
Customer facing documentation, API docs etc. are produced/updated, reviewed and published
Acceptance criteria are met

clones

SRVKP-7764 Component level action item identified in response to Threat model counter measure assessment - Tekton Catalog

To Do

is cloned by

SRVKP-7766 Component level action item identified in response to Threat model counter measure assessment - Cache

To Do

Assignee:: Chmouel Boudjnah

Reporter:: Anitha Natarajan

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/06/09 6:32 PM

Updated:: 2025/09/02 12:49 PM

Details

Description

Story (Required)

Background (Required)

Out of scope

Approach (Required)

Dependencies

Acceptance Criteria (Mandatory)

INVEST Checklist

Legend

Done Checklist

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates