Epic Goal*
Close out all critical and important weaknesses and vulnerabilities identified by RapiDAST as part of DAST scanning within SDL.
Why is this important? (mandatory)
DAST can improve the build-in security posture of a system by detecting misconfigurations or insecure coding practices. It can also increase user confidence in RODOO's security posture, reduce costs by finding design flaws early and before release, and reduce exposure to weaknesses other methods may not cover.
Scenarios (mandatory)
Provide details for user scenarios including actions to be performed, platform specifications, and user personas.
- n/a
Dependencies (internal and external) (mandatory)
n/a
Contributing Teams(and contacts) (mandatory)
Our expectation is that teams would modify the list below to fit the epic. Some epics may not need all the default groups but what is included here should accurately reflect who will be involved in delivering the epic.
- Development - Mitigate weaknesses/vulns
- Documentation - Document any accepted weaknesses/vulns
- QE - Test/retest any weaknesses/vulns
Done - Checklist (mandatory)
The following points apply to all epics and are what the OpenShift team believes are the minimum set of criteria that epics should meet for us to consider them potentially shippable. We request that epic owners modify this list to reflect the work to be completed in order to produce something that is potentially shippable.
- CI Testing - Basic e2e automationTests are merged and completing successfully
- Documentation - Content development is complete.
- QE - Test scenarios are written and executed successfully.
- Technical Enablement - Slides are complete (if requested by PLM)
- Engineering Stories Merged
- All associated work items with the Epic are closed
- Epic status should be “Release Pending”
See full results of DAST findings here: https://docs.google.com/document/d/1HWyJqBHsBX2u14DTyO9-spHe6PfOxS5qE9tyclSnCaI/edit?usp=sharing
1.
|
Access to host network | Closed | Jan Chaloupka | ||
2.
|
Root file system is not read-only | Closed | Jan Chaloupka | ||
3.
|
Access to host ports | Closed | Jan Chaloupka | ||
4.
|
Root file system is not read-only | Closed | Jan Chaloupka | ||
5.
|
Access to host network | Closed | Jan Chaloupka | ||
6.
|
Root file system is not read-only | Closed | Jan Chaloupka | ||
7.
|
Access to host ports | Closed | Jan Chaloupka | ||
8.
|
Access to host network | Closed | Jan Chaloupka | ||
9.
|
Root file system is not read-only | Closed | Jan Chaloupka | ||
10.
|
Access to host ports | Closed | Jan Chaloupka |