Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Write up how Federalist defends against malicious code in submitted sites #1103

Closed
3 of 4 tasks
wslack opened this issue Aug 4, 2017 · 7 comments
Closed
3 of 4 tasks

Write up how Federalist defends against malicious code in submitted sites #1103

wslack opened this issue Aug 4, 2017 · 7 comments
Assignees
@jmhooper @amirbey @wslack
Labels
compliance documentation

Comments

@wslack
Copy link
Contributor

wslack commented Aug 4, 2017
edited by amirbey

User Story

As a person considering using Federalist, I want to know that malicious outside code can't bring down my build container.

Background (Optional)

This is a common question.

Acceptance Criteria

  • We've looked up the documentation about this and recorded a list of links.
  • We've written down what happens if someone submits malicious code that "takes over" a process to run a cryptominer.
  • We've written down what happens if someone submits malicious code that "takes over" a process to seek to steal the S3 keys that Federalist uses.

After evaluating, edit this part:

Level of effort - medium

Implementation outline (if higher than "low" effort):
@jseppi
Copy link
Contributor

jseppi commented Aug 4, 2017

Will create a google doc

@wslack
Copy link
Contributor Author

wslack commented Nov 28, 2017

@el-mapache interested in this one?

@jseppi
Copy link
Contributor

jseppi commented Feb 16, 2018

Is this even necessary? Has it come up during the pre-ATO work?

@wslack
Copy link
Contributor Author

wslack commented Feb 16, 2018

Its more a thing for customer conversations. It comes up in sales meetings and we don't clearly explain it anywhere.

@wslack wslack assigned amirbey and unassigned jseppi Apr 20, 2018
@wslack wslack changed the title Write up how Federalist secures and limits containers Write up how Federalist defends against malicious code in submitted sites Jun 18, 2018
@amirbey
Copy link
Contributor

amirbey commented Jun 21, 2018

Slack thread with cg-support
https://gsa-tts.slack.com/archives/C09CR1Q9Z/p1529605421000647

@amirbey
Copy link
Contributor

amirbey commented Jul 12, 2018

https://drive.google.com/open?id=1jd7wnIMT9gb643WnTIUMhD7VE3viRsDwb_FkJf-hn-c

@jmhooper
Copy link
Contributor

@wslack wslack closed this as completed Jul 25, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmhooper jmhooper

@amirbey amirbey

@wslack wslack

Labels
compliance documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jseppi @jmhooper @amirbey @wslack