
APP.4.4.A10 #36

Closed
sluetze opened this issue Nov 7, 2023 · 6 comments
Assignees
Labels
org-only This Requirement of BSI is ONLY an organizational Requirement

Comments

sluetze commented Nov 7, 2023

No description provided.

@benruland benruland self-assigned this Dec 5, 2023
@benruland benruland added the new-rules Issue which requires us to write new rules label Dec 5, 2023
@benruland benruland removed their assignment Dec 5, 2023
@benruland benruland added the org-only This Requirement of BSI is ONLY an organizational Requirement label and removed the new-rules Issue which requires us to write new rules label Dec 5, 2023
@benruland benruland self-assigned this Dec 18, 2023
benruland commented

All automation software processes, such as CI/CD and their pipelines, SHOULD only operate with the rights that are strictly necessary.

Needs to be addressed on an organizational level adhering to the principle of least privilege for all service accounts.
Example: Deployment using a well-configured OpenShift GitOps instance.

If different user groups can change configurations or start pods via automation software, this SHOULD be done for each group through separate processes that only have the rights necessary for the respective user group.

Needs to be addressed on an organizational level.
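An added illustration of the two requirements above (not from the issue or the ComplianceAsCode project): a GitOps controller ServiceAccount bound to cluster-admin, beside a namespace-scoped Role that gives a per-team GitOps instance only the rights its deployments need. The namespaces, ServiceAccount names and resource list are assumptions chosen for the example.

```yaml
# Added example, not project code. Team, namespace and ServiceAccount
# names are assumed; adjust to the actual GitOps instance.
#
# --- Too broad: one controller for every team, bound to cluster-admin ---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitops-controller-cluster-admin   # far more than "strictly necessary"
subjects:
  - kind: ServiceAccount
    name: openshift-gitops-argocd-application-controller   # assumed name
    namespace: openshift-gitops
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
# --- Least privilege: a Role limited to the target namespace and to the
#     object kinds the team's pipeline actually deploys ---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitops-deployer
  namespace: team-a            # assumed team namespace
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# --- Bound only to team-a's own GitOps controller; a second user group gets
#     its own Role/RoleBinding pair in its own namespace, not this one ---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitops-deployer
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: team-a-argocd-application-controller   # assumed per-team instance
    namespace: team-a-gitops                     # assumed
roleRef:
  kind: Role
  name: gitops-deployer
  apiGroup: rbac.authorization.k8s.io
```

Whether the first binding exists can be checked with `kubectl get clusterrolebinding -o wide` and looking for subjects of automation ServiceAccounts bound to cluster-admin.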

@benruland benruland added the org-only This Requirement of BSI is ONLY an organizational Requirement label Dec 18, 2023
benruland commented

I have created a PR: ComplianceAsCode#11393

@benruland benruland added the ready-for-review An implementation and a PR have been created label Dec 18, 2023
@benruland benruland moved this from Todo to Upstream PR in sig-bsi-grundschutz tracking Dec 18, 2023
@benruland benruland added ready-for-review An implementation and a PR have been created and removed ready-for-review An implementation and a PR have been created labels Dec 18, 2023

sluetze commented Dec 19, 2023

Just a thought, but maybe this is too much: What about having checks to ensure a well-configured GitOps instance?
This would make it harder for people who use other CIs, as they would have to exclude these rules.


sluetze commented Jan 5, 2024

discussed this with benjamin, we can't make a well configured gitops/pipelines architecture, because of too many possible good architectures.
we won't add checks for this. it will stay org-only

@benruland benruland removed the ready-for-review An implementation and a PR have been created label Feb 7, 2024
benruland commented

PR created: ComplianceAsCode#11559


sluetze commented Jun 7, 2024

merged upstream

@sluetze sluetze closed this as completed Jun 7, 2024
@github-project-automation github-project-automation bot moved this from Upstream PR to Done in sig-bsi-grundschutz tracking Jun 7, 2024