Security 3.22 Tracking issue
Created by: ElizabethStirling
Plan
This iteration, we want to resolve container scan vulnerabilities, initiate continuous scanning of compute nodes, and host a dummy security repository on Sourcegraph Cloud as a proof of concept. The first two items ensure that our underlying infrastructure has no significant known flaws. The third, a private proof-of-concept repository, lets us validate our design and confirm that there are no obvious flaws in our access control.
Goal: Resolve container vulnerabilities with a severity score of at least 4.0, or have a remediation plan in place for those whose fixes have not yet been released.
Goal: All compute nodes are continuously scanned for known security vulnerabilities, and the security team is alerted when one is found.
Goal: We connect our test security repository to Sourcegraph Cloud and only members who can access that repository on GitHub can access that repository on Sourcegraph Cloud. These people are the organization owners, and members of the security team. Note that this depends on our ability to host private code on Sourcegraph Cloud.
Availability
The period runs from 2020-10-20 to 2020-11-20. Please list the days you won't be working and the number of working days you have in the period.
Chayim: 1d (2020-11-03)
Tracked issues
@unassigned: 2.00d
- Team Security Tracking: Vulnerability scan and analysis (#15477) 2.00d
  - (🏁 1 day ago) One-time scan of external attack surface ports (#15478) 2.00d
Completed: 2.00d
- (🏁 1 day ago) One-time scan of external attack surface ports (#15478) 2.00d
@ElizabethStirling: 10.00d
- Team Security Tracking: Vulnerability scan and analysis (#15477) 3.00d
  - (🏁 7 days ago) Triage issues in Google Security Command Center, close easy wins (#15542) 3.00d
Completed: 10.00d
- (🏁 14 days ago) Configure Cloudflare WAF (#15159) 5.00d
- (🏁 10 days ago) Enable rate limiter in dotcom (#15539) 1.00d
- (🏁 7 days ago) Triage issues in Google Security Command Center, close easy wins (#15542) 3.00d
- (🏁 4 days ago) Re-permission, document, or deactivate public buckets (#15758) 1.00d
@chayim: 7.00d
- Team Security Tracking: Vulnerability scan and analysis (#15477) 2.00d
  - (🏁 12 days ago) Vulnerability scans of all insiders containers (#13551) 2.00d
Completed: 7.00d
- (🏁 22 days ago) Review source code scan results and eliminate false positives (#15043) 2.00d
- (🏁 22 days ago) Set up centralized logging infrastructure (#13552) 1.00d
- (🏁 12 days ago) Vulnerability scans of all insiders containers (#13551) 2.00d
- (🏁 5 days ago) Analyze and fix a container vulnerability (#14089) 2.00d