
Generator: Set up SonarQube #376

Open
blackfalcon opened this issue Feb 28, 2023 · 2 comments

blackfalcon commented Feb 28, 2023

Is your feature request related to a problem? Please describe.

The security standard for Alaska is to use SonarQube.

Describe the solution you'd like

The specification of work is as follows:

  1. Remove support for Snyk; it is no longer needed
  2. Remove support for GitHub's CodeQL testing tools
  3. Install SonarQube
  4. Add SECURITY.md file to .github dir

The recommended solution is to use the SonarQube GitHub Action. Reach out to Alaska security to obtain the host: ${{ secrets.SONARQUBE_HOST }} and login: ${{ secrets.SONARQUBE_TOKEN }} auth tokens/secrets for the repos.

Test the workflow with an existing repo before installing into the generator. We need to ensure an end-to-end test of setting this up correctly before we can be sure that this configuration will work with a newly generated repo.

Exit criteria

This issue will be considered closed once a new repo created from the generator comes complete with these updates, removing Snyk and CodeQL and installing SonarQube.

There also needs to be a strategy for updating all the Auro repos with these security settings.

@blackfalcon blackfalcon added the labels "Type: Feature" (New Feature), "auro-generator" and "not-reviewed" (Issue has not been reviewed by Auro team members) on Feb 28, 2023
@blackfalcon blackfalcon added this to the wc-generator RC (perf) milestone Feb 28, 2023
@blackfalcon blackfalcon removed this from the Generator RC v3.20 milestone May 3, 2023
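The workflow the specification above calls for, written out as an added example (not the Auro generator's own file and not code from the issue author). It assumes the org-level secrets are named SONARQUBE_HOST and SONARQUBE_TOKEN as stated in the issue, that the repo carries a sonar-project.properties declaring its sonar.projectKey, and that the action tags shown (@v2, @v1) are replaced with the release or commit SHA the team has audited; the Snyk and CodeQL workflow files this replaces live under .github/workflows and are deleted in the same change:

```yaml
# .github/workflows/sonarqube.yml
# Added example workflow, not the generator's shipped file. Assumptions:
# secrets SONARQUBE_HOST / SONARQUBE_TOKEN exist at the org level (per the issue),
# a sonar-project.properties with sonar.projectKey is committed in the repo,
# and the action versions below are placeholders for a pinned, reviewed SHA.
name: SonarQube

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: the scanner only needs to read the checked-out tree.
permissions:
  contents: read

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    # Skip pull requests from forks: GitHub does not expose repo/org secrets to
    # them, so the scan would run with an empty token and fail uninformatively.
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0   # full history so SonarQube can attribute new code correctly

      # Makes the "test on an existing repo first" dry run fail loudly if the
      # secrets were never granted to this repo, instead of failing inside the scanner.
      - name: Verify the SonarQube secrets are present
        env:
          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
        run: |
          test -n "${SONAR_HOST_URL}" || { echo "SONARQUBE_HOST secret is not set for this repo"; exit 1; }
          test -n "${SONAR_TOKEN}"    || { echo "SONARQUBE_TOKEN secret is not set for this repo"; exit 1; }

      - name: SonarQube scan
        uses: sonarsource/sonarqube-scan-action@v2   # assumed tag; pin to an audited SHA
        env:
          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

      # Without this step the job is green even when the server's quality gate fails.
      - name: Enforce the quality gate
        uses: sonarsource/sonarqube-quality-gate-action@v1   # assumed tag; pin to an audited SHA
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
```

The host and token are injected only through the env of the steps that need them and are never written to a file in the workspace, so they stay masked in the job log. Running this once in an existing repo, as the issue asks, exercises the secret check, the scan and the gate end to end before the file is baked into the generator template.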
blackfalcon (Member, Author) commented

This work is delayed until we have tokens for SonarQube from DevSecOps. This was reviewed in a team refinement meeting today, and this body of work is ready to be addressed as soon as the SonarQube token prereq is addressed.

@blackfalcon blackfalcon removed the "not-reviewed" (Issue has not been reviewed by Auro team members) label on May 3, 2023
@blackfalcon blackfalcon added this to the Generator RC v4.1 milestone May 3, 2023
@settings settings bot removed the auro-generator label May 9, 2023
blackfalcon (Member, Author) commented

SonarQube secrets have been added to all repos as an org secret. This work is ready to be addressed.

4 participants