Create Plan of Action for WASA Scan's High Content-Build

[gracekretschmer-metrostar]

User Story or Problem Statement

As the CMS product manager, I need to understand the scope and estimated level of effort to resolve the high issues flagged for content-build in the WASA scan, so that I can integrate the work into an upcoming sprint plan.

As a CMS developer, I need to understand what is need to address the high issues flagged for content-build in the WASA scan.

Description or Additional Context

Per Joe Trice (Preview Environments PM):

Our team is working on what is called Preview Environments - It allows teams to take their new code and combine it with isolated snapshots of the FE/BE repositories, so they can test their code in an isolated and low risk environment. Our intent (and project requirements) includes making these Preview Environments publicly accessible, so teams can use these environments to test with real veteran end users.

In order to get anything publicly accessible, we need to navigate through various stages of an approval process, which we've been working on and towards for quite some time to meet the various requirements that we become aware of. One of these requirements included having code scanning done on our repositories - which surfaced a number of critical & high issues for vets-website, vets-api, and content-build. In order to continue proceeding, we need to resolve the issues on that code scanning report, however it involves fixing a number of items in content-build, which we're not super familiar with.

I was hoping that our teams may be able to collaborate, or to ask you to consider assessing and taking on some of the work to address these code scanning issues, many of which have been around for a long time.

I've taken the liberty of linking to our page on Confluence that lists the known issues from the code scanning report, so your team can look at them - the content-build issues are in/around the middle of the page.

The CMS team has already addressed the critical issues, so now we need to understand the path forward to address the high issues.
 

Relevant Links

• https://vfs.atlassian.net/wiki/spaces/PRT/pages/2942369846/Code+Scanning+Fixes+Required+for+WASA

Steps for Implementation

• Review the Confluence WASA Scan page to determine the high issues that still need to be address.
• Provide an estimation of the level of effort to address high issues and if other product teams (e.g. public websites or facilities) need to be involved in resolving or reviewing fixes.
• Integrate the plan of action into an upcoming sprint.

Acceptance Criteria

• The outstanding high issues, an estimated level of effort to fix, and needed support from other product teams is understood and documented in a plan of action.
• The plan of action for resolving WASA scan's high issues are integrated into an upcoming CMS sprint.

[gracekretschmer-metrostar]

Duplicate of #17647, so I am closing this issue.