Security 3.21 Tracking issue
Created by: ElizabethStirling
Plan
We plan to gain visibility into the attack surface of Sourcegraph components, in order to support hosting private code on sourcegraph.com. For this release our focus will be on container visibility.
Goal: Increase visibility into the threat surface of our product by running automated vulnerability scanning, both of our code and of our Docker containers. This goal is our top priority, since it will allow us to more accurately prioritize future work.
Goal: Centralize logging in order to allow for analysis of events across the Sourcegraph platform, rather than events as they're contained within a single microservice.
Availability
Period is from 2020-09-20 to 2020-10-20. Please write the days you won't be working and the number of working days for the period.
Elizabeth: 1d (2020-09-25)
Chayim: 3d (2020-09-28, 2020-09-29, 2020-10-06)
Tracked issues
@ElizabethStirling: 2.00d
Completed: 2.00d
- (🏁 19 days ago) Send email notifications when important user account information is changed (#7517) 🔒
- (🏁 9 days ago) Configure GitHub code scanning via CodeQL and OSSAR (#14187) 2.00d
@chayim: 3.50d
Completed: 3.50d
- (🏁 22 days ago) ./dev/ci/e2e.sh prints CI password into logs (#6973) 0.50d 🔒
- (🏁 21 days ago) sourcegraph/security-issues (#97) 1.00d 🔒
- (🏁 11 days ago) User documentation: data security policy (#13855) 2.00d
@daxmc99: 2.00d
Completed: 2.00d
- (🏁 35 days ago) secrets: use base64 and make interface private (#13850) 2.00d
@unknwon: 2.00d
Completed: 2.00d
- (🏁 35 days ago) secrets: use base64 and make interface private (#13850) 2.00d