Closed (tom-webber closed 5 months ago)
This looks like a useful integration: https://github.com/kunalnagarco/action-cve
Added action-cve to find-moj-data.
Dependabot isn't capable of detecting Helm chart version changes, so another solution will be needed (e.g. Renovate) for monitoring changes with DataHub Helm charts in the data-catalogue repo.
We will also want to subscribe to new vulnerabilities reported on the DataHub repo.
Created a workflow to post DataHub security advisories posted on GitHub to the alerts Slack channel.
Attempted to repackage deployment into a Helm chart to allow use of a workflow action to track Helm chart versions as they are released, and automatically raise pull requests. This was unsuccessful due to limitations with dictating Helm chart installation order.
Have settled for subscribing the alert Slack channel to releases from the DataHub Helm repository, and manual updates.
We should be aware of any security vulnerabilities that have been raised for DataHub (see the Security tab on the GitHub page).
We should especially be alerted when a vulnerability is raised that applies to any of our deployed DataHub versions.
Scans to look into: