cleanup(helm): Drop support for TCP/3000 #11274

Merged (1 commit), Nov 22, 2024

Conversation

kiblik
Contributor

@kiblik kiblik commented Nov 16, 2024

Support for the debug port tcp/3000 was dropped in #10692.
This is not needed anymore.

@github-actions github-actions bot added the helm label Nov 16, 2024

DryRun Security Summary

The pull request for the DefectDojo Django deployment configuration focuses on improving the overall security of the application by removing the debug container port, properly configuring sensitive environment variables using Kubernetes secrets, implementing TLS (HTTPS) communication, including liveness and readiness probes, and configuring security contexts for the containers.


Summary:

The changes in this pull request for the DefectDojo Django deployment configuration appear to be focused on improving the overall security of the application. The key changes include the removal of the debug container port, the proper configuration of sensitive environment variables using Kubernetes secrets, the implementation of TLS (HTTPS) communication, and the inclusion of liveness and readiness probes to monitor the health of the application. These changes align with best practices for securing web applications and reducing the attack surface. Additionally, the ability to configure security contexts for the containers further enhances the application's security posture by enforcing least-privilege principles. Overall, the changes in this pull request demonstrate a strong focus on application security and are a positive step towards hardening the DefectDojo deployment.

Files Changed:

  • helm/defectdojo/templates/django-deployment.yaml: This file contains the Kubernetes deployment configuration for the DefectDojo Django component. The key changes include:
    1. Removal of the debug container port (port 3000), eliminating the potential exposure of a debug interface.
    2. Proper configuration of sensitive environment variables, such as database password, Celery broker password, and secret keys, using Kubernetes secrets.
    3. Enabling TLS (HTTPS) communication for the Django application and ensuring that session and CSRF cookies are marked as secure.
    4. Inclusion of liveness and readiness probes to monitor the health of the Django and Nginx containers.
    5. Configuration of security contexts for the Django and Nginx containers to enforce least-privilege principles.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


Contributor

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit 553a630 into DefectDojo:bugfix Nov 22, 2024
72 checks passed
@kiblik kiblik deleted the helm_tcp_3000 branch November 22, 2024 22:56