Audit services exposed on GAE #239
Comments
Suggest starting off doing an audit which lists what containers, what ports are exposed. Then development team would use this to determine whether this is correct
Looking into docker scout
scout: difficult to scan containers instead of images. Will develop best practices for running containers
Partly covered by SOPs, but need to start building some actual monitoring processes on the GAEs for:
In addition to collecting this data, we would also need to consider what resources are available to monitor the data collected. Perhaps some dashboards would ease the burden
Now collecting audit data for:
CVE monitoring needs to be rolled out to each GAE:
Definition of Done / Acceptance Criteria
We will have demonstrated to the best of our knowledge that the (micro-)services we are running:
Testing
Could imagine some tests being made automatically as part of a system test. E.g. run a `netstat -an` before and after or something? Some might have to be manual.
Some of this is about raising awareness that will feed into code reviews, etc.
Documentation
This should definitely be documented for the sake of future developers. This relates to our action coming away from the TI planning retrospective of having better low-level/design documentation.
Dependencies
No response
Details and Comments
This would mainly involve going through our docker-compose files, bringing up a test system on the GAE and seeing what ports it opens, listing the authentication/etc status of each service in a short document.
The dev team can do this ourselves, but we may also need external expert input to make sure we haven't overlooked something.
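The before/after `netstat -an` comparison suggested under Testing could be automated along these lines. This is an added example, not part of the issue or the project's code; the netstat text is constructed sample output in Linux net-tools format, and the `expected_ports` allow-list is a hypothetical input the development team would supply.

```python
import ipaddress

# Constructed sample: `netstat -an` on a host before any services are started.
BEFORE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
"""
# Constructed sample: the same host after a hypothetical compose stack is up.
AFTER = BEFORE + """\
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp6       0      0 :::9090                 :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*
"""

def listeners(text):
    """Return {(proto, host, port)} for listening TCP and unconnected UDP sockets."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header lines, unix-domain sockets, blank lines
        tcp_listen = f[0].startswith("tcp") and len(f) > 5 and f[5] == "LISTEN"
        udp_bound = f[0].startswith("udp") and f[4].endswith(":*")
        host, _, port = f[3].rpartition(":")  # rpartition keeps "::" intact
        if (tcp_listen or udp_bound) and port.isdigit():
            found.add((f[0], host, int(port)))
    return found

def scope(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"  # e.g. a "*" wildcard in other netstat formats
    if ip.is_unspecified:
        return "all-interfaces"  # 0.0.0.0 or ::
    return "loopback" if ip.is_loopback else "single-interface"

def audit(before, after, expected_ports):
    """Sockets opened since `before`; REVIEW = not loopback-only and not expected."""
    rows = []
    for proto, host, port in sorted(listeners(after) - listeners(before)):
        where = scope(host)
        ok = where == "loopback" or port in expected_ports
        rows.append((proto, port, where, "ok" if ok else "REVIEW"))
    return rows

if __name__ == "__main__":
    for row in audit(BEFORE, AFTER, expected_ports={8080}):
        print(*row)
```

The rows it returns can feed the short per-service document described above, with each REVIEW entry needing an owner and a stated authentication status.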