risk-engine-production[bot]
commented
9 months ago Risk Assessment results for 'feat: add Risk Engine configuration'
Source: GitHub Event - Pull Request - Opened
Assessment Details
- **Assessment ID**: `803782` - **Project**: [`tds-community`](https://github.com/telus/tds-community) - **Owner**: [`telus`](https://github.com/telus) - **PR Number**: [`633`](https://github.com/telus/tds-community/pull/633) - **Commit ID**: 8549a9350ab13542b2e85f5212636a84253b28d7 - **Created At**: `2024-01-09T18:55:59.148Z`Summary
| Total Risk | Threshold | Summary | |
|---|---|---|---|
| β | 93% | 30% | Total risk is above the repository risk threshold and the repository is not yet approved for automated release. Address risk inputs below to lower the total risk before submitting an Embargo Exception Request to Release Management to facilitate deployment. Click here to start an Embargo Exception Request |
Risk Inputs
View calculation and risk details on the Risk Engine UI
Category: Application Status
Risk analysis related to the general configuration and status of the application
Total Application Status Risk: 70
| Input | Risk | Weight | Details | |
|---|---|---|---|---|
| π΄ | Code Analysis Alerts | 100% | 3 | Unable to assess Code Analysis Alerts - no analysis found - more... |
| π΄ | Dynatrace Vulnerability Alerts | 100% | 3 | Unable to check dynatrace vulnerability alerts risk - The application tds-community-production does not appear to be configured correctly. - more... |
| π΄ | Vulnerability Alerts | 100% | 1 | Found 97 OPEN and 0 DISMISSED vulnerabilities on branch master - Risk from security vulnerabilities is 100% - See Alerts |
| π΄ | Innersource Health | 100% | 1 | Repository telus/tds-community has a public visibility - This should be set to internal to support the Innersource model - more... |
| π΄ | Git Branch Protection | 60% | 3 | Branch master is missing the following protections: Requires Status Checks, Requires Code Owner Reviews, Requires Commit Signatures - more... |
See all Risk Inputs
||Input|Risk|Weight|Details| |:--:|--|:--:|:--:|--| |π’|Secret Scanning Alerts|0%|3|_No exposed secret scanning alerts found for this application - [more...](https://github.com/telus/sre-risk-engine/blob/main/docs/api-reference/inputs/secret-scanning-alerts-input.md)_| |π’|Error Budget|0%|0|_Availability score based on an org-wide ~100% uptime this month as of Thu, Nov 10, 6 PM EST. Improve the accuracy of this result by adding your team to the Risk Engine Config File. - [more...](https://github.com/telus/sre-risk-engine/blob/main/docs/api-reference/inputs/error-budget-input.md)_|Category: Change Specific
Risk analysis related to the changes for the current assessment
Total Change Specific Risk: 23
| Input | Risk | Weight | Details | |
|---|---|---|---|---|
| π΄ | Changed Files | 50% | 3 | Checked risk of changed files - Risk from files changed is 50% - Risk from missing required changes is 0% |
| π’ | Lines Changed | 6% | 2 | +45 additions -0 deletions |
Summary
This PR introduces the
RiskEngineConfig.yamlfile, enabling Risk Engine in your team's repository. For a deeper understanding, please visit here. While Risk Engine assumes reasonable defaults for your project, we recommend tailoring yourriskEngineConfig.yamlprior to merging this PR. See the Risk Engine Config File Setup guide for assistance.What is Risk Engine?
Risk Engine is an automated tool for risk assessment. Its design promotes responsible deployment within digital organizations without causing bureaucratic delays. Developers receive comprehensive insights about their deployments while preserving their autonomy, integrating seamlessly into existing deployment pipelines. Through comprehensive observability, consistent change management, and scalable assessments, Risk Engine aims to reduce incidents and safeguard customer experiences. More details here
Whatβs In It For Me?
Risk Engine streamlines deployment by auto-approving passing risk assessments, eliminating waits for Release Management approvals, and providing essential non-blocking checks missed by other CI/CD tools. Designed with modularity in mind, Risk Engine allows extensive customization and sharing of plugins across teams, ensuring risk assessments are tailored to specific needs. At it's core, Risk Engine enhances organizational reliability by detecting and informing on potential issues and leveraging deployment data to refine both the tool itself and overall deployment and reliability practices. More details here
Need Assistance?
For any questions or support related to the Risk Engine, please get in touch in our slack channel: #risk-engine-support.