sig-bsi-grundschutz / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://www.open-scap.org/security-policies/scap-security-guide

APP.4.4.A2 #28

Closed: sluetze closed 7 months ago

sluetze commented 10 months ago

Automating the operation of applications in Kubernetes using CI/CD MUST ONLY take place after appropriate planning. The planning MUST cover the entire lifecycle from commissioning to decommissioning, including development, testing, operation, monitoring, and updates. A roles and rights concept and the securing of Kubernetes Secrets MUST be part of the planning.

- No Check Possible

sluetze commented 10 months ago

Since this requirement is completely a "planning" one and we can't technically check it, we will only provide a description that this is not checkable in the notes section.

@benruland @oliverbutanowitz @ermeratos ACK?

benruland commented 10 months ago

Agreed!

sluetze commented 9 months ago

Implemented in Branch A3, since this is only a notes commit.

sluetze commented 7 months ago

https://github.com/ComplianceAsCode/content/pull/11501 was merged