[Engineer] On call Primary and Secondary for Sprint 2

[BerniXiongA6]

Responsibilities for the primary on-call engineer:

• Monitor the#benefits-vro-alerts channel for alerts triggered through datadog. For any incidents which impact partner team applications, please follow the issue triage procedure below.
• Monitor #benefits-vro-support for potential incidents
• Monitor SecRel
• Monitor Dependabot
• Give Berni the MTTR to post in the Sprint Review Deck

Issue Triage Procedure

Upon receiving a notification, promptly evaluate the severity of the incident and perform triage accordingly.
Collect pertinent information related to the triggered alert(s), with a focus on communicating the impact and, if possible, identifying the root cause. Notify all relevant parties, including LHDI or partner teams, about the observed behavior, and create a corresponding ticket for the issue.
If the issue is considered straightforward to fix, proceed to address it. Notify the team and bring a user story into the current sprint to represent the work.
For issues deemed complex and requiring more discussion, create a ticket and collaborate with the PM to prioritize it effectively.
Maintain transparent and frequent communication with the team and partners through the support channel, especially if the issues hinder their ability to deploy or use applications appropriately.
Document the findings and issues created in a wiki page under the homepage under the heading "Partner Teams" subheading "Partner Team Incident Reports"

See also: wiki page for Incident Response.

Secondary responsibilities

Remain accessible to the primary for assistance as required, and concentrate on addressing smaller tickets or collaborating on larger ones during the Sprint.

[BerniXiongA6]

@PaulKBaumann primary, @Ponnia-M secondary

[lisac]

(i'm swapping in as on-call engineer for 10/3)

The build is failing on Aqua gate check (recent instance). I believe these are false positives and have reached out to Marie.

Extract from my email:

When I review the specific cases, I see that the majority are from the code/configuration for an example app that demonstrates a 3rd party library (/usr/local/aws-cli/v2/2.17.63/dist/awscli/examples/[…]) ; and in no cases is the data specific to the ABD-VRO app. [...] Would you please let me know whether these would qualify as false positives and be eligible for suppression?

[lisac]

implementing this guidance:

The following statement can be used when suppressing the false positive: The files are all AWS CLI documentation files which include examples and therefore flagged as sensitive data, but they do not hold real values.