Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explore the Vulnerabilities in ECR #94

Closed
3 tasks
KazushiR opened this issue Nov 16, 2023 · 2 comments
Closed
3 tasks

Explore the Vulnerabilities in ECR #94

KazushiR opened this issue Nov 16, 2023 · 2 comments
Labels
complexity: large feature: security ready for prioritization role: Security Engineer size: 1pt Can be done in 4-6 hours To Update ! No update has been provided
Milestone
02 Security

Comments

@KazushiR
Copy link
Member

KazushiR commented Nov 16, 2023
edited by ExperimentsInHonesty
Loading

Dependency

Overview

We need to identify security vulnerabilities in our EC2 instances, so that we can create issues to resolve and provide a safe environment for our project's data.

Details

As an Ops member, I'd like to know what type of security vulnerabilities are in place currently within the infrastructure of OPS. I would like to go into the ECR and go to each instance to find the most critical vulnerabilities are currently in place. Write a report on this about each vulnerability and see if there is any way we can mitigate anything.

Action Items

  • Go into the ECR instance
  • Look at each CVE vulnerabilities
  • Document in a Google Doc each vulnerability

Resources/Instructions
Closed
@chelseybeck chelseybeck mentioned this issue Jan 24, 2024
Open
@chelseybeck chelseybeck added this to the 02 Security milestone Apr 25, 2024
@RSkuma RSkuma self-assigned this Sep 9, 2024
@ExperimentsInHonesty
Copy link
Member

@RSkuma
Please provide update

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures or links* (if necessary): "Add any pictures or links that will help illustrate what you are working on."
  • remember to add links to the top of the issue if they are going to be needed again.

@ExperimentsInHonesty ExperimentsInHonesty added the To Update ! No update has been provided label Oct 7, 2024
@ale210 ale210 moved this from In progress (actively working) to Questions/Review in CoP: DevOps: Project Board Feb 9, 2025
@ale210
Copy link
Member

ale210 commented Feb 9, 2025

I think that the original intent was for the author to go into ecr and manually catalog scanning results and place them into a document. It's also not clear if this can be done, as many containers run on alpine linux which is not accessible to the default scanning that ECR uses. It's also not clear if this is referencing ECR or EC2.

If the intent was to go in and catalog something in ECR, I think that it is better to go with some kind of automated scanning as part of GHA. Going to close this issue

@ale210 ale210 closed this as not planned Won't fix, can't repro, duplicate, stale Feb 9, 2025
@github-project-automation github-project-automation bot moved this from Questions/Review to Done in CoP: DevOps: Project Board Feb 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
complexity: large feature: security ready for prioritization role: Security Engineer size: 1pt Can be done in 4-6 hours To Update ! No update has been provided
Projects
CoP: DevOps: Project Board
Status: Done
Milestone
02 Security
Development

No branches or pull requests
6 participants
@ale210 @sudhara @ExperimentsInHonesty @KazushiR @RSkuma @chelseybeck