Maniphest T325208

tbs: user-story 14: Run a set of security checks on the full service
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	dcaro
	Dec 14 2022, 5:02 PM

Tags

Referenced Files

None

Subscribers

Description

Proposal (incomplete):

Mess with the containers that the tekton task creates, as a user:

try to exec into them
try to run custom commands in them
try to expose secrets/env variables
Try to trigger a build for another user/tool
Try to deny service for other users

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Stalled		LucasWerkmeister	T320140 Migrate wd-shex-infer from Toolforge GridEngine to Toolforge Kubernetes
		Stalled		matmarex	T319707 Migrate dtcheck from Toolforge GridEngine to Toolforge Kubernetes
		Open		None	T320062 Migrate steve-adder from Toolforge GridEngine to Toolforge Kubernetes
		Open		None	T320011 Migrate rfa-voting-history from Toolforge GridEngine to Toolforge Kubernetes
		Open		dcaro	T194332 [Epic] Make Toolforge a proper platform as a service with push-to-deploy and build packs
		In Progress		dcaro	T267374 [tbs.beta] Create a toolforge build service beta release
		Open		None	T325207 tbs: user-story 14: I want have some certainty that the service is secure
		Open		None	T325208 tbs: user-story 14: Run a set of security checks on the full service

Event Timeline

dcaro triaged this task as High priority.Dec 14 2022, 5:02 PM

dcaro created this task.

dcaro added a project: Toolforge Build Service.

dcaro updated the task description. (Show Details)Dec 14 2022, 5:06 PM

KHernandez-WMF mentioned this in T325207: tbs: user-story 14: I want have some certainty that the service is secure.Dec 19 2022, 11:56 PM

fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:23 PM

fnegri moved this task from Kanban to Inbox on the cloud-services-team board.

dcaro raised the priority of this task from High to Needs Triage.Mon, Mar 6, 3:03 PM