Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pipeline Security, Rights and Service Accounts #247

Closed
7 tasks done
DerekRoberts opened this issue Apr 18, 2020 · 1 comment
Closed
7 tasks done

Pipeline Security, Rights and Service Accounts #247

DerekRoberts opened this issue Apr 18, 2020 · 1 comment
Assignees
@Sybrand @DerekRoberts @Kyubinhan
Labels
Ready User Story or Task Ready to be pulled into sprint Task Technical task that cannot be written as a user story

Comments

@DerekRoberts
Copy link
Member

DerekRoberts commented Apr 18, 2020
edited
Loading

Describe the task
The pipeline, particularly Jenkins, is run by security accounts with admin access. This is fine initially, but must be scaled to back to reduce vectors for attack and the impact of any attacks that do occur.

Acceptance Criteria

  • Assess current GitHub and OpenShift accounts and rights
  • Reduce rights of existing accounts and services
  • Remove users no longer requiring rights
  • Remove stale service accounts
  • Assign more accounts less rights, but over more tasks
  • Reduce frequency of admin-level rights, even for team members
  • General security assessment
@DerekRoberts DerekRoberts added the Task Technical task that cannot be written as a user story label Apr 18, 2020
@DerekRoberts DerekRoberts changed the title Assess Pipeline Security, Reduce Rights/Vectors for Attack Pipeline Security, Rights and Service Accounts Apr 27, 2020
@DerekRoberts
Copy link
Member Author

Critical, but not urgent.

@DerekRoberts DerekRoberts added the Ready User Story or Task Ready to be pulled into sprint label Apr 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Sybrand Sybrand

@DerekRoberts DerekRoberts

@Kyubinhan Kyubinhan

Labels
Ready User Story or Task Ready to be pulled into sprint Task Technical task that cannot be written as a user story
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Sybrand @DerekRoberts @Kyubinhan