* [ ] Verify your application doesn't have any failures on the [Security Baseline](https://github.com/mozilla-services/foxsec-results/blob/master/baseline-scan/Baseline-Services.md).
* Contact secops@ or ping 'psiinon' on github to document exceptions to the baseline, mark csrf exempt forms, etc.
I propose we change it to: https://sql.telemetry.mozilla.org/dashboard/security-baseline-top-level-scores with directions to filter for your site (Aaron doesn't have access to that either) and if you don't have access / aren't at Mozilla link to the directions on running the ZAP baseline w/ an appropriate config via docker.
psiinon
commented
5 years ago
For this item:
aamanuel noticed https://github.com/mozilla-services/foxsec-results/blob/master/baseline-scan/Baseline-Services.md isn't externally accessible and the link isn't up to date.
I propose we change it to: https://sql.telemetry.mozilla.org/dashboard/security-baseline-top-level-scores with directions to filter for your site (Aaron doesn't have access to that either) and if you don't have access / aren't at Mozilla link to the directions on running the ZAP baseline w/ an appropriate config via docker.
@psiinon :+1: , :-1: , thoughts?