[DSEC-907] Notify AppSec team when Trivy action fails #337
zbedo commented Jul 25, 2024
- Submitter: Include the JIRA issue number in the PR description
- Submitter: Make sure Swagger is updated if API changes
- Submitter: If updating admin endpoints, also update firecloud-admin-cli
- Submitter: Check documentation and code comments. Add explanatory PR comments if helpful.
- Submitter: JIRA ticket checks:
  - Acceptance criteria exists and is met
  - Note any changes to implementation from the description
  - To Demo flag is set
  - Release Summary is filled out, if applicable
  - Add notes on how to QA
- Submitter: Update RC_XXX release ticket with any config or environment changes necessary
- Submitter: Update FISMA documentation if changes to:
  - Authentication
  - Authorization
  - Encryption
  - Audit trails
- Submitter: If you're adding new libraries, sign us up to security updates for them
- Tell the tech lead (TL) that the PR exists if they want to look at it
- Anoint a lead reviewer (LR). Assign PR to LR
- Review cycle:
  - LR reviews
  - Rest of team may comment on PR at will
  - LR assigns to submitter for feedback fixes
  - Submitter rebases to develop again if necessary
  - Submitter makes further commits. DO NOT SQUASH
  - Submitter updates documentation as needed
  - Submitter reassigns to LR for further feedback
- TL sign off
- LR sign off
- Product Owner sign off
- Assign to submitter to finalize
- Submitter: Verify all tests go green, including CI tests
- Submitter: Squash commits and merge to develop
- Submitter: Delete branch after merge
- Submitter: Test this change works on dev environment after deployment. YOU own getting it fixed if dev isn't working for ANY reason!
- Submitter: Verify swagger UI on dev environment still works after deployment
- Submitter: Inform other teams of any API changes via Slack and/or email
- Submitter: Mark JIRA issue as resolved once this checklist is completed
Seems great to me once @zbedo confirms the SLACK_WEBHOOK_URL value is set 👍
Agreed with Adam, change looks good, but just need to make sure the secret is in place
LGTM with one extremely minor suggestion.
Co-authored-by: Adam Nichols <aednichols@gmail.com>