Open risk-engine-production[bot] opened 9 months ago
Source: GitHub Event - Pull Request - Opened
Total Risk | Threshold | Summary | |
---|---|---|---|
β | 93% | 30% | Total risk is above the repository risk threshold and the repository is not yet approved for automated release. Address risk inputs below to lower the total risk before submitting an Embargo Exception Request to Release Management to facilitate deployment. Click here to start an Embargo Exception Request |
View calculation and risk details on the Risk Engine UI
Input | Risk | Weight | Details | |
---|---|---|---|---|
π΄ | Code Analysis Alerts | 100% | 3 | Unable to assess Code Analysis Alerts - no analysis found - more... |
π΄ | Dynatrace Vulnerability Alerts | 100% | 3 | Unable to check dynatrace vulnerability alerts risk - The application tds-community-production does not appear to be configured correctly. - more... |
π΄ | Vulnerability Alerts | 100% | 1 | Found 97 OPEN and 0 DISMISSED vulnerabilities on branch master - Risk from security vulnerabilities is 100% - See Alerts |
π΄ | Innersource Health | 100% | 1 | Repository telus/tds-community has a public visibility - This should be set to internal to support the Innersource model - more... |
π΄ | Git Branch Protection | 60% | 3 | Branch master is missing the following protections: Requires Status Checks , Requires Code Owner Reviews , Requires Commit Signatures - more... |
Input | Risk | Weight | Details | |
---|---|---|---|---|
π΄ | Changed Files | 50% | 3 | Checked risk of changed files - Risk from files changed is 50% - Risk from missing required changes is 0% |
π’ | Lines Changed | 6% | 2 | +45 additions -0 deletions |
Summary
This PR introduces the
RiskEngineConfig.yaml
file, enabling Risk Engine in your team's repository. For a deeper understanding, please visit here. While Risk Engine assumes reasonable defaults for your project, we recommend tailoring yourriskEngineConfig.yaml
prior to merging this PR. See the Risk Engine Config File Setup guide for assistance.What is Risk Engine?
Risk Engine is an automated tool for risk assessment. Its design promotes responsible deployment within digital organizations without causing bureaucratic delays. Developers receive comprehensive insights about their deployments while preserving their autonomy, integrating seamlessly into existing deployment pipelines. Through comprehensive observability, consistent change management, and scalable assessments, Risk Engine aims to reduce incidents and safeguard customer experiences. More details here
Whatβs In It For Me?
Risk Engine streamlines deployment by auto-approving passing risk assessments, eliminating waits for Release Management approvals, and providing essential non-blocking checks missed by other CI/CD tools. Designed with modularity in mind, Risk Engine allows extensive customization and sharing of plugins across teams, ensuring risk assessments are tailored to specific needs. At it's core, Risk Engine enhances organizational reliability by detecting and informing on potential issues and leveraging deployment data to refine both the tool itself and overall deployment and reliability practices. More details here
Need Assistance?
For any questions or support related to the Risk Engine, please get in touch in our slack channel: #risk-engine-support.