This is a tool developed within the Cyber Security tooling team to monitor estate-wide usage of the github security advisory service, specifically Dependabot.
* [Lambdas](https://aws.amazon.com/lambda/) which connect to GitHub and Splunk
The staging and developer environments are hosted on the `gds-digital-security-prod` (`779799343306`) AWS account.
The primary codebase is cyber-security-security-advisory-dashboard which contains the instructions to load an existing environment or to create a new environment from scratch.
The tool dumps data to Splunk once a day. If this data stream stops, it's not working. Any alerting can be based on that. There are no more frequent health checks because this tool is not vital to day-to-day, Dependabot is.
There is a Concourse pipeline that runs the unit tests before deploying.
There are instructions for running the unit tests. The unit tests do not require AWS credentials.
There are a few places to look to figure out what's gone wrong.
You can check the status of the Concourse pipeline
If it's all green it should be OK but if the unit tests have failed or if the concourse pipeline itself has failed you should see a non-green task. Amber/brown generally means that Concourse is still running or has failed (it has failed in the past when another pipeline is very resource intensive).
If something has gone wrong with our bit the task should be red. Clicking on the red task will show the logs for the process that failed.
The first place to look is CloudWatch.
Each environment consists of of a lambda.
There are multiple instances of the lambda so it can be helpful to
search CloudWatch insights for ERROR.
fields @timestamp, @message
| filter @message like "ERROR"
| sort @timestamp desc
| limit 20
In the #cyber-security-help slack channel.
Drop an issue on the repository's github issues
Cyber. Or YOU?
It's deployed by the [shared tenancy Concourse](https://cd.gds-reliability.engineering/)
run by RE autom8.
To view the pipeline you need to login and have access to the
cybersecurity-tools space. You can request access from the
[#re-autom8](https://gds.slack.com/messages/CD1F78YJU) team.
The code to deploy the pipeline along with instructions are in the
[csw-concourse/README.md](https://github.com/alphagov/csw-concourse).
To delete an environment run a terraform destroy
To create an environment follow the instructions in the readme.
The infrastructure is created using Terraform from the build/terraform directory.
The audit process is triggered by a scheduled lambda that runs at 11pm everyday
Secrets are stored in SSM Parameter Store.
The lambdas run with an IAM execution role which grants them access to read the SSM parameters at runtime.