As a DevOps, I want to enhance security practices with systematic audits and proactive alerting

[SonOfLope]

As a DevOps team, we aim to enhance our security posture through systematic audits and swift response mechanisms to maintain secure software repositories. Our goal is to establish robust processes not only for monitoring and assessing security vulnerabilities but also for effective incident management using modern alerting systems. This comprehensive approach will ensure Authorization to Operate (ATO) and Security Assessment & Authorization (SA&A) readiness for our software products.

Goals

• [ ] ai-cfia/howard#200
• [ ] ai-cfia/howard#201
• [ ] ai-cfia/howard#198
• [ ] ai-cfia/howard#199
• [ ] ai-cfia/howard#202

Desired Outcomes

• Consistent monitoring and quick responsiveness to security vulnerabilities across all repositories.
• Real-time incident management with integrated alerting systems, improving resolution times and reducing potential impacts.
• Increased developer engagement and accountability in security practices.
• Comprehensive, well-documented security assessment, audit findings, and alert management processes.

By achieving these goals, we strengthen our software's defense against security threats and ensure a proactive stance in incident management and security assessments.

[rngadam]

this is already covered by Github Security applied to our sources:

I'd be more interested in seeing how we monitor these are turned on for all our repos and how we ensure that security alerts are followed up on systematically by developers.

[SonOfLope]

this is already covered by Github Security applied to our sources:

I'd be more interested in seeing how we monitor these are turned on for all our repos and how we ensure that security alerts are followed up on systematically by developers.

Updated the issue to address this. Converted to an 'Epic' issue