As a user, I want uploaded files to be scanned for malicious code, so that I don't have to call the IT department (RA-05, SI-03) #123

Closed
rahearn opened this issue Oct 29, 2020 · 4 comments
Labels: In epic 8 (Issue is a child in the indicated parent epic), O, security-control, spike, V1.0 MVP (Indicates the release version for the issue)

rahearn commented Oct 29, 2020

Task:
Files uploaded to S3 should be scanned for malicious code to keep our users safe.

Possible solutions:
A ClamAV sidecar buildpack.

Exclusions:

rahearn changed the title from "Potential Security Control: scanning s3 bucket for malicious code" to "As a user, I want uploaded files to be scanned for malicious code, so that I don't have to call the IT department" Oct 30, 2020
pamlo412 added this to the V1.0 MVP milestone Oct 30, 2020

pamlo412 commented

@rahearn I assigned this issue to the V1.0 MVP milestone on the assumption that it's needed for ATO.

pamlo412 added the "In epic 8" label (Issue is a child in the indicated parent epic) Oct 30, 2020
pamlo412 removed this from the V1.0 MVP milestone Oct 31, 2020
pamlo412 added the "V1.0 MVP" label (Indicates the release version for the issue) Oct 31, 2020
rahearn changed the title from "As a user, I want uploaded files to be scanned for malicious code, so that I don't have to call the IT department" to "As a user, I want uploaded files to be scanned for malicious code, so that I don't have to call the IT department (SI-03)" Nov 3, 2020
rahearn changed the title from "As a user, I want uploaded files to be scanned for malicious code, so that I don't have to call the IT department (SI-03)" to "As a user, I want uploaded files to be scanned for malicious code, so that I don't have to call the IT department (RA-05, SI-03)" Nov 4, 2020
pamlo412 added the spike label Nov 12, 2020
pamlo412 added the O label Nov 12, 2020

rahearn commented Nov 12, 2020

The files can be scanned either while residing in S3, or as they pass through the server, whichever makes more sense for the overall implementation.

rahearn commented Nov 13, 2020

If a sidecar buildpack is used, then #55 is either a prerequisite or should be done at the same time.

rahearn commented Dec 10, 2020

Spike complete, work tracked by #203

rahearn closed this as completed Dec 10, 2020
rahearn pushed a commit that referenced this issue Jan 22, 2021