Include an X-Request-Id in outgoing requests
Problem
When investigating a vulnerability or a configuration failure, tracing the request can be useful. The x-request-id
header is set with a random identifier and used to trace requests through backend services. API Security should include this header with every outbound request and show it in errors.
Proposal
Add an x-request-id
header with a unique GUID. When displaying list of operations in job output, include request id.
Tasks:
-
Have API Security set X-Request-Id
on all outbound requests -
Update operation output to include x-request-id
-
Add new guid field to ScannedResources
table -
Create new migration to create column if it doesn't exist -
Update code where ScannedResources
is saved to include request id header -
Update log output in ci script
-
-
Add unit tests -
Add integration test to worker-entry
-
Publish new container