Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ITE-3: Real-world example of combining TUF and in-toto for packaging Datadog Agent integrations #5

Merged

Conversation

trishankatdatadog
Copy link
Member

Datadog is a monitoring service for cloud-scale applications that monitors servers, databases, tools, and services through a software-as-a-service-based data analytics platform. It supports multiple cloud service providers, including Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Red Hat OpenShift. At the time of this writing, the company servers more than 8,000 customers, and collects trillions of monitoring record points on a daily basis.

The Datadog agent is the software that runs on virtual machines or containers. It collects events and metrics from these virtual machines or containers and sends them to Datadog, where customers can analyze their monitoring and performance data. The agent integrations are plug-ins that collect metrics from services running on customer infrastructure. Presently, there are more than one hundred integrations that come installed out-of-the-box with the Agent.

This ITE discusses the TUF security model used to distribute the Datadog Agent integrations in a compromise-resilient manner.

@trishankatdatadog
Copy link
Member Author

@jhdalek55 @SantiagoTorres @JustinCappos Please send feedback, thanks!

ITE/3/README.adoc Outdated Show resolved Hide resolved
ITE/3/README.adoc Outdated Show resolved Hide resolved
Copy link
Contributor

@JustinCappos JustinCappos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the submission. This is a really good document!

I'd like to suggest addition of rationale for the chosen thresholds, etc. to aid readers making their own deployment decisions.

If possible a subsection talking about how in-toto metadata is collected and flows through the system would also be a nice add.

Otherwise, I think it is quite good.

@trishankatdatadog
Copy link
Member Author

@JustinCappos Thanks! Does the security analysis make sense to you?

@JustinCappos
Copy link
Contributor

JustinCappos commented Aug 1, 2019 via email

trishankatdatadog and others added 7 commits April 27, 2020 18:03
Co-Authored-By: Justin Cappos <[email protected]>
I hope I made my way into the right file. I made minimal changes but I have two comments
I feel you need a brief "rationale" at the beginning of the document explaining why DataDog decided to use both systems. I realize this might have been said in one of the other ITEs or TAPs, but I feel since you are presenting this as an example, stating why DataDog went this route would be helpful.
Signed-off-by: Trishank Karthik Kuppusamy <[email protected]>
@trishankatdatadog
Copy link
Member Author

Thanks for all your help, @adityasaky!

@JustinCappos, could we please get another review?

Copy link
Contributor

@JustinCappos JustinCappos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apart from the unaddressed comments I have from before, I don't have new thoughts. I do think that if ITE 2 becomes the best practices document, then my comment about rationale here need not be resolved.

My other comment is minor and potentially can be closed without further changes, but I do think it would make sense to address it.

Signed-off-by: Trishank Karthik Kuppusamy <[email protected]>
Signed-off-by: Trishank Karthik Kuppusamy <[email protected]>
@trishankatdatadog
Copy link
Member Author

@JustinCappos Okay, I resolved your comments above. Is there anything else you'd like to see, or we can we merge now?

Copy link
Contributor

@JustinCappos JustinCappos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. This is really helpful.

@trishankatdatadog
Copy link
Member Author

Thanks! Could we merge this?

@SantiagoTorres
Copy link
Member

LGTM, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants