Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-7767

Component level action item identified in response to Threat model counter measure assessment - Plumbing

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      Story (Required)

      This story captures the identification and resolution of issues found during the review of the countermeasures, ensuring that all necessary improvements are implemented to strengthen OpenShift Pipelines’ security.

      Background (Required)

      https://issues.redhat.com/browse/SRVKP-4185

      Out of scope

      <Defines what is not included in this story>

      Approach (Required)

      <Description of the general technical path on how to achieve the goal of the story. Include details like json schema, class definitions>

      Dependencies

      <Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

      Acceptance Criteria (Mandatory)

      1. Ensure appropriate gosec validation with required include/exclude rules are added as github workflow action (https://github.com/securego/gosec?tab=readme-ov-file#github-action).
      2. The gosec assessment is based on main branch of each assessed repository. The same has to evaluated/cherry-picked to the branches that include supported version of code.
      3. Adopt OpenSSF scorecard and OpenSSF best practices and indicate the status in README. Sample from https://github.com/ossf/scorecard.git :   
      4. Address the reported findings specific to the component:

       

      INVEST Checklist

      Dependencies identified

      Blockers noted and expected delivery timelines set

      Design is implementable

      Acceptance criteria agreed upon

      Story estimated

      Legend

      Unknown

      Verified

      Unsatisfied

      Done Checklist

      • Code is completed, reviewed, documented and checked in
      • Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
      • Continuous Delivery pipeline(s) is able to proceed with new code included
      • Customer facing documentation, API docs etc. are produced/updated, reviewed and published
      • Acceptance criteria are met

              Unassigned Unassigned
              rh-ee-anataraj Anitha Natarajan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: