Security checks, reviews, and fitness functions (FOLIO-3582)

[FOLIO-3622] Snyk Developer Security Platform Created: 31/Oct/22  Updated: 30/Nov/23

Status: Open
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None
Parent: Security checks, reviews, and fitness functions

Type: New Feature Priority: P3
Reporter: Craig McNally Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3709 Review what's tracked (or not) by Snyk Closed
Sprint:
Development Team: None
Epic Link: Security checks, reviews, and fitness functions

Description

Overview

The purpose of this feature is to utilize the Snyk project to identify potential security risks/vulnerabilities.

NOTE: the FOLIO project is already using Snyk, but the feeling is that it's not being used to its full potential. We can likely get more out of this tool with some effort.

What is Snyk?

From https://snyk.io/what-is-snyk/ :

Snyk (pronounced sneak) is a developer security platform for securing code, dependencies, containers, and infrastructure as code.

Our documentation about our Snyk usage: https://folio-org.atlassian.net/wiki/display/SEC/Snyk

Snyk's own documentation: https://docs.snyk.io/

Scope

  • Investigate, learn, and document Snyk.
    • What knobs can be adjusted to better suit our needs?
    • Can snyk be leveraged for higher quality, more complete scans?
  • Design and implement process improvements for using Snyk in the FOLIO community.
    • What happens when issues are identified?
      • Notification/alerting mechanisms?  Email? Slack? Other?
      • Automatic JIRA creation?
      • Automatic PR creation?
      • Something else?
  • Use Snyk!
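The "what happens when issues are identified?" questions above can be prototyped as a small triage step that runs over the JSON report Snyk's CLI produces (`snyk test --json`) and decides, per finding, whether to open a fix PR, open a ticket, page someone, or just record it. The script below is an added example written for this issue, not FOLIO's or Snyk's own code. It assumes the field names the Snyk CLI report uses (`vulnerabilities`, `id`, `severity`, `packageName`, `version`, `from`, `isUpgradable`, `isPatchable`); the embedded report is constructed sample data with placeholder identifiers and package names, not real advisories, and the routing policy is an assumption for illustration, not an agreed FOLIO policy.

```python
"""Triage a Snyk CLI JSON report and decide how each finding is routed.

Added example, not FOLIO's or Snyk's own code. It assumes the field names
that `snyk test --json` emits (`vulnerabilities`, `id`, `severity`,
`packageName`, `version`, `from`, `isUpgradable`, `isPatchable`); the
report below is constructed sample data with placeholder identifiers.
"""
import json
from collections import defaultdict

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample report (placeholder ids/packages, not real advisories).
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution",
         "severity": "high", "packageName": "example-lib", "version": "1.0.0",
         "from": ["app@1.0.0", "example-lib@1.0.0"],
         "isUpgradable": True, "isPatchable": False},
        # The same vulnerability reached through a second dependency path;
        # Snyk reports one entry per path, so it must be deduplicated.
        {"id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution",
         "severity": "high", "packageName": "example-lib", "version": "1.0.0",
         "from": ["app@1.0.0", "other-dep@2.1.0", "example-lib@1.0.0"],
         "isUpgradable": True, "isPatchable": False},
        {"id": "SNYK-EXAMPLE-0002", "title": "Regular Expression DoS",
         "severity": "critical", "packageName": "example-parser", "version": "3.2.1",
         "from": ["app@1.0.0", "example-parser@3.2.1"],
         "isUpgradable": False, "isPatchable": False},
        {"id": "SNYK-EXAMPLE-0003", "title": "Information Exposure",
         "severity": "low", "packageName": "example-logger", "version": "0.9.0",
         "from": ["app@1.0.0", "example-logger@0.9.0"],
         "isUpgradable": True, "isPatchable": False},
    ],
})


def dedupe(vulns):
    """Collapse one vulnerability reached via several dependency paths
    into a single finding keyed by (id, package, version)."""
    merged = {}
    for v in vulns:
        key = (v["id"], v["packageName"], v["version"])
        entry = merged.setdefault(key, {**v, "paths": []})
        entry["paths"].append(" > ".join(v["from"]))
    return list(merged.values())


def route(finding, threshold="medium"):
    """Decide the action for one finding.

    Policy (an assumption for this example, not FOLIO policy):
      - below threshold: record only, no notification
      - upgradable or patchable: open an automatic fix PR
      - otherwise: open a tracking ticket, and page on critical
    """
    if SEVERITY_RANK[finding["severity"]] < SEVERITY_RANK[threshold]:
        return "record"
    if finding.get("isUpgradable") or finding.get("isPatchable"):
        return "fix-pr"
    return "page+ticket" if finding["severity"] == "critical" else "ticket"


def triage(report_json, threshold="medium"):
    """Return {action: [finding ids]} for a Snyk JSON report,
    most severe findings first."""
    report = json.loads(report_json)
    actions = defaultdict(list)
    for f in sorted(dedupe(report.get("vulnerabilities", [])),
                    key=lambda f: -SEVERITY_RANK[f["severity"]]):
        actions[route(f, threshold)].append(f["id"])
    return dict(actions)


def should_fail_build(report_json, threshold="high"):
    """Same decision as `snyk test --severity-threshold=high`: fail CI
    if any finding at or above the threshold remains."""
    return any(SEVERITY_RANK[v["severity"]] >= SEVERITY_RANK[threshold]
               for v in json.loads(report_json).get("vulnerabilities", []))


if __name__ == "__main__":
    for action, ids in triage(SAMPLE_REPORT).items():
        print(f"{action}: {', '.join(ids)}")
    print("fail build:", should_fail_build(SAMPLE_REPORT))
```

In a pipeline this would be fed by `snyk test --json > report.json` (the `--severity-threshold` and `--fail-on=upgradable` CLI flags cover the simplest version of the same gate without a script), with the `fix-pr` / `ticket` / `page+ticket` buckets handed to whichever PR-automation, Jira, or Slack integration the community settles on. The deduplication step matters for any automatic ticket creation: without it, one vulnerable transitive dependency reachable through several paths becomes several tickets.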

Generated at Thu Feb 08 23:29:28 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.