Run security pipeline to generate artifacts to DefectDojo
Estimation
Story points: 3 SP
Estimated focus duration (perfect conditions): 3 days
Estimated pessimistic duration (worst case scenario): 6 days
Description
Who
- @gabriel.chamon -- DevOps
- @ssarioglunn @umair-nunet -- Security engineers, advisors, reviewers
What
- Run the security pipeline so that it generates the security-analysis artifacts and sends them to DefectDojo for the DMS repository.
How
- Understand the context and the current status of the functionality that generates the artifacts and sends them to DefectDojo.
- See the related issues in the Linked items section for context.
- Analyse the pipelines of the architecture and bootstrap-node repositories, since they were used to develop this functionality.
- Align with @olakunle.oladimeji on the pipeline updates he is working on in nunet-infra#208 (closed) and in this repo: https://gitlab.com/nunet/misc-experiments/cicd-coordinated
- The scope of this issue is security stage 1 of the CI/CD pipeline. It would be good to have the whole pipeline implemented so far (code quality and unit tests, if any, not only the security stage) running on the rest of the repos, but only where that does not require a non-trivial amount of work.
Why
- The CI/CD pipeline already generates artifacts for security analysis and sends them to DefectDojo, but only for the two repositories (architecture and bootstrap-node) that were used to develop and test this functionality.
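For context on what "sending artifacts to DefectDojo" involves, the script below is an added example and not the pipeline code of the architecture or bootstrap-node repositories. It assumes the standard DefectDojo REST API v2 (`POST /api/v2/import-scan/` with a multipart form and an `Authorization: Token <key>` header) and the predefined GitLab CI variables; the `DD_URL` / `DD_API_KEY` variables, the product and engagement names, the `Generic Findings Import` scan type and the embedded sample report are hypothetical values constructed for the example. It also gates the stage on the report's own severities, which the issue does not describe and is shown only as one way a stage-1 job might use the artifact.

```python
"""Send a security-scan artifact to DefectDojo from a CI job (added example).

Assumes the standard DefectDojo REST API v2 (POST /api/v2/import-scan/ with a
multipart form and an "Authorization: Token <key>" header). DD_URL, DD_API_KEY,
the product/engagement names and SAMPLE_REPORT are hypothetical.
"""
import json
import os
import sys
import urllib.request
import uuid

IMPORT_PATH = "/api/v2/import-scan/"
SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]

# Constructed sample artifact in DefectDojo's "Generic Findings Import"
# JSON format, standing in for what a stage-1 security job would write.
SAMPLE_REPORT = {
    "findings": [
        {"title": "Hard-coded credential in config loader", "severity": "High",
         "description": "Constructed example finding.",
         "file_path": "internal/config/load.go", "line": 42},
        {"title": "Verbose error page", "severity": "Low",
         "description": "Constructed example finding."},
    ]
}


def blocking_findings(report, threshold="High"):
    """Return findings at or above `threshold` so the job can fail the stage."""
    floor = SEVERITY_ORDER.index(threshold)
    return [f for f in report["findings"]
            if SEVERITY_ORDER.index(f["severity"]) >= floor]


def encode_multipart(fields, filename, file_bytes, boundary=None):
    """Build a multipart/form-data body with the stdlib only."""
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts += [f"--{boundary}".encode(),
                  f'Content-Disposition: form-data; name="{name}"'.encode(),
                  b"", str(value).encode()]
    parts += [f"--{boundary}".encode(),
              f'Content-Disposition: form-data; name="file"; filename="{filename}"'.encode(),
              b"Content-Type: application/json", b"", file_bytes,
              f"--{boundary}--".encode(), b""]
    return b"\r\n".join(parts), f"multipart/form-data; boundary={boundary}"


def build_import_request(base_url, api_key, product, engagement, scan_type,
                         filename, file_bytes, commit_sha=None, boundary=None):
    """Return (url, headers, body) for one import-scan call."""
    fields = {
        "scan_type": scan_type,
        "product_name": product,
        "engagement_name": engagement,
        "auto_create_context": "true",   # create product/engagement if missing
        "active": "true",
        "verified": "false",
        "minimum_severity": "Info",
        "close_old_findings": "true",    # findings absent from this run get closed
    }
    if commit_sha:
        fields["commit_hash"] = commit_sha   # ties the findings to the CI commit
    body, content_type = encode_multipart(fields, filename, file_bytes, boundary)
    headers = {"Authorization": f"Token {api_key}",
               "Content-Type": content_type,
               "Accept": "application/json"}
    return base_url.rstrip("/") + IMPORT_PATH, headers, body


def import_scan(base_url, api_key, **kwargs):
    """POST the artifact; DefectDojo answers with JSON describing the created test."""
    url, headers, body = build_import_request(base_url, api_key, **kwargs)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Usage from a GitLab job (hypothetical variables):
    #   DD_URL=https://dojo.example DD_API_KEY=... python dd_upload.py report.json
    path = sys.argv[1] if len(sys.argv) > 1 else None
    report = json.load(open(path)) if path else SAMPLE_REPORT
    result = import_scan(
        os.environ["DD_URL"], os.environ["DD_API_KEY"],
        product=os.environ.get("CI_PROJECT_NAME", "dms"),
        engagement=os.environ.get("CI_COMMIT_REF_NAME", "main"),
        scan_type="Generic Findings Import",
        filename="report.json",
        file_bytes=json.dumps(report).encode(),
        commit_sha=os.environ.get("CI_COMMIT_SHA"),
    )
    print("imported, DefectDojo test id:", result.get("test"))
    # Gate the stage only after the upload, so the evidence reaches DefectDojo either way.
    if blocking_findings(report):
        sys.exit("blocking findings present; failing security stage")
```

The upload happens before the severity gate on purpose: a job that fails before uploading leaves no record in DefectDojo, which is exactly the artifact the issue is trying to produce. `close_old_findings` and `commit_hash` are what let DefectDojo treat each pipeline run as the current state of the branch rather than accumulating stale findings.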
When
- After the CI/CD pipeline updates from nunet-infra#208 (closed) are done.
Acceptance Criteria
- For every project in scope, the pipeline creates the security artifacts and sends them to DefectDojo for analysis.
Work Breakdown Structure (WBS)
Task | Description | Duration | Status | Start Date | End Date | Comment
---|---|---|---|---|---|---
1 | Understand current state of artifacts sent to DefectDojo | 4 Hrs | In Progress | 2024-04-19 | |
2 | Elect one repo to add to the CI/CD pipeline, document problems | 4 Hrs | Todo | | |
3 | Resolve problems from the elected repo | ? Hrs | Todo | | |
4 | Add the rest of the repos to the CI/CD pipeline, solving problems along the way | 12 Hrs | Todo | | |
Edited by Janaina Senna