Page MenuHomePhabricator
Create Task
Maniphest T289293

Create initial proof of concept application security pipeline repository
Closed, ResolvedPublic
Actions

Description

...moved some of this to sub-tasks for improved project management...

  • Potentially benchmark and write tests for the above (needs research - this might not be feasible)

Details

TitleReferenceAuthorSource BranchDest Branch
Merge recent project work back to mainrepos/security/gitlab-ci-security-templates!2sbassettscotts-security-testingmain
Customize query in GitLab

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedsbassettT289290 Design and Build Application Security Pipeline Components for Gitlab
 ResolvedbrennenT289292 Create Security Team group within gitlab.wikimedia.org
 ResolvedsbassettT289293 Create initial proof of concept application security pipeline repository
 InvalidthciprianiT294306 Migrate existing proof-of-concept node ci templates to slim node wm node docker images
 InvalidNoneT294307 Research and design basic ci processing scripts (to exit 1 for tools that report errors and generate report artifacts)
 ResolvedsbassettT294309 Finish node/npm initial tool ci templates for npm audit (Node 10, 12, 14)
 ResolvedsbassettT294310 Finish for node/npm initial tool ci templates for npm outdated (Node 10, 12, 14)
 ResolvedsbassettT294311 Finish node/npm initial tool ci templates for auditjs (Node 10, 12, 14)
 ResolvedmmartoranaT294312 Investigate SAST template options now included with Gitlab CE and formulate use-cases and documentation
 ResolvedsbassettT294596 Add minimal yaml file linting as part of ci for security ci templates repository
 ResolvedsbassettT295333 Create a simple tool to check for bidirectional unicode characters
 ResolvedmmartoranaT295374 Create best practices / guidelines documentation for Gitlab application security ci templates
 ResolvedthciprianiT296805 Confirm with releng which docker images make the most sense to use
 ResolvedsbassettT296806 Find optimal solution for projects with nested package.json files (within the context of Gitlab CI)
 ResolvedsbassettT297991 Create semgrep initial tool ci template
 ResolvedsbassettT301828 Create local-php-security-checker/php-security-checker ci yaml template
 ResolvedmmartoranaT301829 Create composer outdated ci yaml template
 ResolvedsbassettT301830 Create safety (w/ poetry support) ci yaml template
 ResolvedmmartoranaT301831 Create nancy ci yaml template
 ResolvedsbassettT301832 Create phan/phan-taint-check plugin port as ci template
 ResolvedsbassettT301833 Create python bandit ci template
 ResolvedmmartoranaT301834 Create gosec ci yaml template
 ResolvedsbassettT303482 Merge templates that are part of initial release to production branch

Event Timeline

sbassett created this task.Aug 19 2021, 7:22 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 19 2021, 7:22 PM
sbassett assigned this task to Mstyles.Aug 19 2021, 7:51 PM
sbassett triaged this task as Medium priority.
sbassett added a project: user-sbassett.
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett moved this task from Backlog to In Progress on the user-sbassett board.
sbassett updated the task description. (Show Details)Sep 14 2021, 6:58 PM
sbassett updated the task description. (Show Details)
sbassett updated the task description. (Show Details)Sep 14 2021, 7:29 PM
sbassett updated the task description. (Show Details)Sep 14 2021, 7:40 PM
sbassett updated the task description. (Show Details)
sbassett updated the task description. (Show Details)Sep 21 2021, 7:25 PM
sbassett updated the task description. (Show Details)Sep 21 2021, 7:31 PM
sbassett updated the task description. (Show Details)Sep 21 2021, 7:56 PM
sbassett updated the task description. (Show Details)
brennen moved this task from Inbox to CI & Job Runners on the GitLab board.Sep 28 2021, 6:59 PM
brennen edited projects, added GitLab (CI & Job Runners); removed GitLab.
sbassett changed the task status from Open to Stalled.EditedSep 29 2021, 7:00 PM
sbassett added subscribers: thcipriani, dduvall.

Per a recent chat with @brennen and @thcipriani - we'd love to have a quick chat about (or some async feedback) on our proposed systems design here from @dduvall or anyone else working on kubernetes security deployments. I guess the general question would be: is what we're proposing here for fairly basic security-related CI within Gitlab (the two common use-cases being merge requests and manual runs) potentially compatible with any proposed security-related kubernetes deployment process?

sbassett added a subscriber: brennen.Sep 29 2021, 7:35 PM
sbassett updated the task description. (Show Details)Oct 19 2021, 7:52 PM
sbassett updated the task description. (Show Details)Oct 19 2021, 8:06 PM
sbassett updated the task description. (Show Details)
sbassett updated the task description. (Show Details)Oct 19 2021, 8:11 PM
sbassett updated the task description. (Show Details)Oct 19 2021, 8:35 PM
sbassett updated the task description. (Show Details)Oct 19 2021, 10:24 PM
Reedy updated the task description. (Show Details)Oct 20 2021, 4:25 PM
sbassett updated the task description. (Show Details)Oct 25 2021, 7:43 PM
sbassett updated the task description. (Show Details)Oct 25 2021, 9:28 PM
sbassett changed the status of subtask T294310: Finish for node/npm initial tool ci templates for npm outdated (Node 10, 12, 14) from Open to In Progress.
sbassett changed the status of subtask T294309: Finish node/npm initial tool ci templates for npm audit (Node 10, 12, 14) from Open to In Progress.Oct 25 2021, 9:30 PM
sbassett updated the task description. (Show Details)
sbassett changed the status of subtask T294312: Investigate SAST template options now included with Gitlab CE and formulate use-cases and documentation from Open to In Progress.Oct 25 2021, 9:32 PM
sbassett updated the task description. (Show Details)
sbassett added a subtask: T293138: Create Risk Rating Calculator for Security Reviews / Gitlab AppSec CI.Oct 28 2021, 8:09 PM
sbassett closed subtask T294596: Add minimal yaml file linting as part of ci for security ci templates repository as Resolved.Nov 3 2021, 6:52 PM
sbassett closed subtask T294306: Migrate existing proof-of-concept node ci templates to slim node wm node docker images as Invalid.Nov 5 2021, 1:23 AM
thcipriani reopened subtask T294306: Migrate existing proof-of-concept node ci templates to slim node wm node docker images as Open.Nov 10 2021, 6:34 PM
sbassett removed a project: user-sbassett.Nov 10 2021, 9:02 PM
thcipriani closed subtask T294306: Migrate existing proof-of-concept node ci templates to slim node wm node docker images as Invalid.Nov 16 2021, 12:22 AM
sbassett closed subtask T294307: Research and design basic ci processing scripts (to exit 1 for tools that report errors and generate report artifacts) as Invalid.Nov 22 2021, 7:29 PM
sbassett closed subtask T294312: Investigate SAST template options now included with Gitlab CE and formulate use-cases and documentation as Resolved.Dec 1 2021, 3:14 PM
sbassett closed subtask T294309: Finish node/npm initial tool ci templates for npm audit (Node 10, 12, 14) as Resolved.Dec 1 2021, 4:08 PM
sbassett closed subtask T294310: Finish for node/npm initial tool ci templates for npm outdated (Node 10, 12, 14) as Resolved.Dec 1 2021, 4:44 PM
sbassett closed subtask T294311: Finish node/npm initial tool ci templates for auditjs (Node 10, 12, 14) as Resolved.Dec 1 2021, 6:09 PM
sbassett closed subtask T296806: Find optimal solution for projects with nested package.json files (within the context of Gitlab CI) as Resolved.Dec 18 2021, 3:10 AM
sbassett updated the task description. (Show Details)Dec 18 2021, 3:14 AM
sbassett claimed this task.Dec 18 2021, 3:25 AM
sbassett updated the task description. (Show Details)
JJMC89 reopened subtask T297991: Create semgrep initial tool ci template as Open.Dec 21 2021, 12:16 AM
sbassett closed subtask T295333: Create a simple tool to check for bidirectional unicode characters as Resolved.Jan 25 2022, 10:02 PM
sbassett closed subtask T296805: Confirm with releng which docker images make the most sense to use as Resolved.Jan 26 2022, 7:42 PM
sbassett closed subtask T297991: Create semgrep initial tool ci template as Resolved.Feb 2 2022, 10:41 PM
sbassett changed the status of subtask T301829: Create composer outdated ci yaml template from Open to In Progress.Feb 15 2022, 9:30 PM
sbassett changed the status of subtask T301828: Create local-php-security-checker/php-security-checker ci yaml template from Open to In Progress.
sbassett changed the status of subtask T301831: Create nancy ci yaml template from Open to In Progress.Feb 15 2022, 9:35 PM
sbassett updated the task description. (Show Details)Feb 15 2022, 10:25 PM
sbassett changed the status of subtask T295374: Create best practices / guidelines documentation for Gitlab application security ci templates from Open to In Progress.Feb 16 2022, 6:56 PM
sbassett added a subtask: Restricted Task.Feb 16 2022, 7:43 PM
sbassett changed the status of subtask T301830: Create safety (w/ poetry support) ci yaml template from Open to In Progress.
sbassett closed subtask T301828: Create local-php-security-checker/php-security-checker ci yaml template as Resolved.Mar 9 2022, 10:30 PM
sbassett closed subtask T301829: Create composer outdated ci yaml template as Resolved.
sbassett closed subtask T301831: Create nancy ci yaml template as Resolved.Mar 9 2022, 10:34 PM
sbassett changed the status of subtask T301832: Create phan/phan-taint-check plugin port as ci template from Open to In Progress.Mar 11 2022, 4:16 PM
sbassett changed the status of subtask T301833: Create python bandit ci template from Open to In Progress.
sbassett added a comment.Mar 16 2022, 4:30 PM
This comment was removed by sbassett.
sbassett changed the task status from Stalled to In Progress.Mar 16 2022, 4:31 PM
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett moved this task from Our Part Is Done to In Progress on the Security-Team board.
sbassett closed subtask T301830: Create safety (w/ poetry support) ci yaml template as Resolved.
sbassett closed subtask T301833: Create python bandit ci template as Resolved.Mar 16 2022, 4:38 PM
sbassett added a subtask: T303482: Merge templates that are part of initial release to production branch.Mar 25 2022, 8:19 PM
sbassett removed a subtask: T295508: Research best ways to pass certain credentials to external services within application security-related ci templates.
sbassett closed subtask T301834: Create gosec ci yaml template as Resolved.Mar 25 2022, 8:22 PM
sbassett removed a subtask: T293138: Create Risk Rating Calculator for Security Reviews / Gitlab AppSec CI.
sbassett closed subtask T301832: Create phan/phan-taint-check plugin port as ci template as Resolved.Mar 30 2022, 4:27 PM
sbassett removed a subtask: Restricted Task.Mar 31 2022, 7:05 PM
sbassett closed subtask T303482: Merge templates that are part of initial release to production branch as Resolved.
sbassett closed this task as Resolved.Apr 6 2022, 7:21 PM
sbassett closed subtask T295374: Create best practices / guidelines documentation for Gitlab application security ci templates as Resolved.
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.

Resolving for now as sub-tasks for this first phase of work have been completed.

sbassett added a project: GitLab-Application-Security-Pipeline.Jul 13 2023, 7:34 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL