patphongs closed 6 years ago
I am currently on step 1, which is to check with security to make sure this tool is approved for use. This requires us to assess the product through our FedRAMP low tailored approach. I'll pair with @JayRibeiro more to see what is fully needed with this. Until we get approval to use this, we'll have to hold off on any further implementation.
@JayRibeiro has given us the green light to test out Snyk. This is no longer blocked and can move forward.
I have implemented this tool on 4 of our GitHub code repos:
Initial findings have been very positive. Documentation for the tool is clean and simple to use. Documentation can be found here: https://snyk.io/docs/using-snyk/#wizard
Positive findings:
All the items here are complete and will be shared during sprint demo on Monday. Will close this ticket after demo on Monday.
Gemnasium will be shut down on May 15th. We need to use another tool. This tool, Snyk, was suggested by @LindsayYoung https://snyk.io/. We want to test out a new vulnerability tracking tool before Gemnasium expires. We can hook up both Gemnasium and Snyk at the same time to test it out and when we are ready, we can remove Gemnasium.
CMS first as a test.
Completion Criteria: