Page MenuHomePhabricator

Design and Build Application Security Pipeline Components for Gitlab
Open, MediumPublic

Description

The Wikimedia Security-Team would like to design and build certain components for a modern application security pipeline within the Wikimedia instance of Gitlab (https://gitlab.wikimedia.org/). There is a small (though important) amount of security-related tooling which runs within the context of Gerrit (LibUp, phan-taint-check-plugin). We would like to expand upon these tools by crafting a singular repository where various security-related .gitlab-ci.yml templates would live and be included by relevant repositories via Gitlab's modular CI design. These CI included templates would make use of many of Wikimedia's existing Docker images and provide security-related tools (npm audit, etc.) to be run during various Gitlab CI/CD pipelines and potentially via additional automated and manual triggers.

Related Objects

StatusSubtypeAssignedTask
Opensbassett
Resolvedbrennen
Resolvedsbassett
Invalidthcipriani
InvalidNone
Resolvedsbassett
Resolvedsbassett
Resolvedsbassett
Resolvedmmartorana
Resolvedsbassett
Resolvedsbassett
Resolvedmmartorana
Resolvedthcipriani
Resolvedsbassett
Resolvedsbassett
Resolvedsbassett
Resolvedmmartorana
Resolvedsbassett
Resolvedmmartorana
Resolvedsbassett
Resolvedsbassett
Resolvedmmartorana
Resolvedsbassett
OpenNone
OpenNone
In Progresssbassett
OpenNone
Declinedsbassett
Resolvedmmartorana
Resolvedsbassett
OpenNone
Resolvedsbassett
Openmmartorana

Event Timeline

sbassett triaged this task as Medium priority.Aug 19 2021, 7:11 PM
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett updated the task description. (Show Details)
sbassett added a subtask: Restricted Task.