digital-analytics-program / gov-wide-code

Provides a set of JavaScript files and documentation to implement web analytics on US federal websites
http://www.digital.gov/dap

Publish security testing of custom DAP code #60

Closed fulldecent closed 1 year ago

fulldecent commented 7 years ago

The custom DAP code is at https://github.com/digital-analytics-program/gov-wide-code/blob/master/Universal-Federated-Analytics.js

This code is being deployed on every US government website.

A security audit was performed on this code as per https://www.digitalgov.gov/services/dap/common-questions-about-dap-faq/

What type of security measures/testing was done on the code that GSA is asking us to install?

GSA has done an IT security review of the DAP custom GA code. No significant issues were found. Agencies can review our analysis and, in the context of their own infrastructure, follow their processes for securing applications in their infrastructure, adding applications to their Certification and Accreditation analysis, etc. Please contact dap@support.digitalgov.gov to request a copy of our security report.

May this report please be published?

tdlowden commented 7 years ago

Hi @fulldecent, thanks for this request. We have not previously sent the report to non-federal parties, but based on this request, we'll re-examine this policy.

fulldecent commented 7 years ago

@tdlowden Tim, thank you for explaining. I have also replied to you privately with some more details.

smarina04 commented 1 year ago

CodeQL analysis enabled.