...so that I can deploy and make publicly accessible my service without risks for the infrastructure.
Additional Details
No response
Acceptance Criteria
Given a deployed microservice
When I go to AWS dashboards
Then I expect to see a vulnerability report
Given a deployed microservice
When a vulnerability is raised
Then I expect to have a GitHub ticket created with priority depending on the criticality of the vulnerability
Engineering Details
We should investigate:
AWS Inspector, which can scan all the Docker images available on AWS/ECR and raise alerts on vulnerabilities.
Snyk for Docker scanning. It has a feature of automatically fixing the vulnerability if it's easy, or proposing a solution for the developer to implement. It gives a report sorted by criticality.
GitHub security scanning has a template for a GitHub action for this as well
Checked for duplicates
No - I haven't checked
User Persona(s)
PDS manager, SA
Motivation
...so that I can deploy and make publicly accessible my service without risks for the infrastructure.