Snyk security scanning

Laura Beaufort edited this page Jan 27, 2025 · 6 revisions

A Snyk online account has been set up for FEC to monitor the FECFile Online GitHub repositories. The management of vulnerability alerts will be handled as a weekly rotating task performed by a developer who will log into the Snyk Dashboard (Invitation link here) and perform the following tasks:

  1. Review the vulnerability reports for each of the FECFile Online GitHub repositories.
  2. Write up a ticket to remediate each vulnerability (one ticket per vulnerable package; multiple vulnerabilities found in the same package on the same day may be combined into one ticket).
  3. Point each ticket and mark it with the following tags: "security", "high priority".
  4. The ticket title should contain the remediation deadline date (Critical/High: 30 days from discovery; Medium: 60 days from discovery; Low: 90 days from discovery).
  5. Move each new ticket into the sprint that will be deployed before the deadline.
  6. Review cloud.gov logs for any security events.
  7. Update the weekly assignment log with the tickets created, or "None" if no tickets were created.

The weekly assignment log can be found in the Google Drive 🔒 here 🔒