chore: add security logging and cwe fields #10256
Signed-off-by: notfromstatefarm <86763948+notfromstatefarm@users.noreply.github.com>
Codecov Report
@@ Coverage Diff @@
## master #10256 +/- ##
==========================================
- Coverage 46.18% 46.16% -0.02%
==========================================
Files 226 226
Lines 27581 27595 +14
==========================================
+ Hits 12737 12739 +2
- Misses 13124 13136 +12
Partials 1720 1720
I'm in favor of the changes as presented. Thanks @notfromstatefarm!
Here's a flowchart on how to decide which level to use. Do you think we should include this in the docs @crenshaw-dev?
@notfromstatefarm I like that! The phrase "has a vulnerability been exposed" seems slightly ambiguous to me though. I'm not sure whether there's a succinct way to clarify.
As discussed with the security SIG, this PR implements a `security` and `cwe` field to be used in logs and standardizes which level should be used. Obviously there is much more work to be done as I have only added this to a couple of logs, but this lays the foundations so that hopefully we can cover a good amount of ground in separate PRs by the v2.5 release.
This will be 'good first issue' heaven.
Proposed levels:
credit to @crenshaw-dev for the idea!
cc @crenshaw-dev @jessesuen @todaywasawesome