Review Dependabot Alerts for Sprint 89 #14432

Closed
3 tasks done
Tracked by #14441
ndouglas opened this issue Jul 19, 2023 · 4 comments
Labels: CMS Team (CMS Product team that manages both editor exp and devops); DevOps (CMS team practice area)

Comments

ndouglas commented Jul 19, 2023

User Story

As a DevSecOps engineer, I want to ensure that I'm consistently reviewing and evaluating production alerts so that existing vulnerabilities are assessed and associated risks mitigated.

Acceptance Criteria

  • Indicate the alerts reviewed in this ticket.
  • Track evaluations in this ticket.
  • Review high impacting alerts with PO, PM for work to be prioritized and tickets opened.

ndouglas added the Needs refining (Issue status), DevOps (CMS team practice area) and CMS Team (CMS Product team that manages both editor exp and devops) labels and removed the Needs refining (Issue status) label Jul 19, 2023

ndouglas self-assigned this Jul 19, 2023

ndouglas commented Jul 20, 2023

One alert is waiting on an upstream Cypress issue. They have PRs open, it just hasn't been processed yet.

ndouglas commented Jul 20, 2023

@ndouglas

On one hand, I kinda want to keep this open and see it resolved. On the other hand, it literally doesn't matter because this is a vulnerability in Cypress, which is only used in testing. I'm struggling to see how it matters if our Drupal site hacks Cypress. Honestly, I wouldn't even be mad in that situation.

@ndouglas

Closing this because it's honestly not worth anyone's time to look at.
