Open techcobweb opened 5 months ago
Blocked waiting for a way of removing the secrets that the LF scans show up.
Story
As a galasa project user I want to be sure that no secrets are ever checked-in to the codebase for malicious people to use to attack our infrastructure.
Background
The Linux Foundation has published some security scan results: https://security.lfx.linuxfoundation.org/#/a092M00001O6R6SQAV/overview
More specifically... https://security.lfx.linuxfoundation.org/#/a092M00001O6R6SQAV/code-secrets
We need to fix all the password and credentials issues in the code control immediately.
Need to look at the problems and be able to list the issues we actually have.
Don't just delete files with secrets in; we have to figure out what secrets have been exposed and change them in the deployed environment.
E.g.: Do we have to re-install argocd?
Build a list of actions, then we can get a better idea of how long it will take.
Tasks