To-dos
- Migrate security tooling repo from Gerrit to GitLab (confirm Gerrit repo decommission process with releng) (@Mstyles)
  - n.b. I have an email to @brennen re: Gerrit repo decommissioning guidelines
- Create Python-based CLI tool with the following initial features:
  - Overall risk calculator based upon our current risk management framework and other methodologies, customized for Wikimedia security readiness reviews and related activities
  - Support for a variety of inputs (user prompts, JSON objects)
  - Support calculations for several smaller risks, e.g. a list of npm vulnerabilities with associated risk ratings
Resources / Ideas