Spike: Review pipeline role permissions - Githubissues

ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform

https://user-guide.modernisation-platform.service.justice.gov.uk

MIT License

677 stars 291 forks source link

Spike: Review pipeline role permissions #6170

Open davidkelliott opened 4 months ago

davidkelliott commented 4 months ago

User Story

As a security engineer I expect pipelines to have the minimum permissions required So that the principal of least privilege is followed

Value / Purpose

Ensure we are meeting security best practices

Useful Contacts

No response

Additional Information

Risk register number 67. See there for further guidance.

Suggested timebox of 5 days

Proposal / Unknowns

No response

Definition of Done

[ ] Pipline roles reviewed
[ ] Changes made where appropriate
[ ] User docs have been updated
[ ] Another team member has reviewed
[ ] Tests are green

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 90 days with no activity.