From 31c25e989b63be922d5811535876369451498996 Mon Sep 17 00:00:00 2001 From: Walter Moar Date: Mon, 16 Sep 2024 13:03:40 -0700 Subject: [PATCH] Update SoAR-and-Compliance.md revert the user story titles --- docs/About/SoAR-and-Compliance.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/About/SoAR-and-Compliance.md b/docs/About/SoAR-and-Compliance.md index 208cc45..a7c6bad 100644 --- a/docs/About/SoAR-and-Compliance.md +++ b/docs/About/SoAR-and-Compliance.md @@ -38,7 +38,7 @@ The SoAR section "Assessment", subsection "Vulnerability Management" states: CHEFS is on a two week sprint schedule, and this review happens before every sprint planning meeting. In [Red Hat ACS](https://acs.developer.gov.bc.ca) ensure that the top item in the `Images most at risk` has a JIRA item created for it. If not, create a JIRA item in the Backlog using the template: - _Type_: Task -- _Title_: As a Developer, I need to update **[IMAGE_NAME]**, so that ACS is happier +- _Title_: ACS Image at risk: **[IMAGE_NAME]** - _Description_:
The Red Hat Advanced Cluster Security (ACS) application has identified the image **[IMAGE_NAME]** as having vulnerabilities that are fixable. To satisfy the requirements outlined in the Security Threat and Risk Assessment's (STRA) Statement of Acceptable Risks (SoAR), this image must be updated to resolve fixable vulnerabilities (or mitigated in some other way, if updating the image is not possible). - _Epic Link_: CHEFS DevOps @@ -55,7 +55,7 @@ The SoAR section "Assessment", subsection "Vulnerability Management" states: CHEFS is on a two week sprint schedule, and this review happens before every sprint planning meeting. In the `common-hosted-form-service` GitHub repository check the `Security` > `Dependabot` alerts. Create a JIRA item in the Backlog for new alerts using the template: - _Type_: Task -- _Title_: As a Developer, I need to update **[PACKAGE_NAME]** in **[MANIFEST_DIR]**, so that CHEFS is secure +- _Title_: Dependabot Vulnerability Alert for **[PACKAGE_NAME]** in **[MANIFEST_DIR]** - _Description_:
The GitHub Dependabot process has created an alert for the **[PACKAGE_NAME]** dependency. To satisfy the requirements outlined in the Security Threat and Risk Assessment's (STRA) Statement of Acceptable Risks (SoAR), this vulnerability must be handled by updating the package version (or mitigated in some other way, if updating the package is not possible).
https://github.com/bcgov/common-hosted-form-service/security/dependabot/**[DEPENDABOT_ID]** - _Epic Link_: CHEFS DevOps
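Review bot: in the first hunk (`@@ -38,7`) the reverted title "ACS Image at risk: **[IMAGE_NAME]**" uses sentence case after the prefix, while the second hunk's title "Dependabot Vulnerability Alert for **[PACKAGE_NAME]** in **[MANIFEST_DIR]**" uses title case; since both are meant as fixed prefixes that the sprint-planning review will search or filter the Backlog on, pick one casing for both templates (e.g. "ACS Image At Risk: **[IMAGE_NAME]**" or "Dependabot vulnerability alert for ...") so the two ticket families are consistent. The `**...**` markers around the placeholder are only Markdown emphasis in this doc; a JIRA summary field does not render them, so anyone pasting the template literally gets stray asterisks in the title. Worth a one-line note in the doc that the bold marks the value to substitute and is not part of the title.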
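Review bot: in the second hunk (`@@ -55,7`) the reverted title identifies the package and manifest directory but not the alert itself, even though the description already ends with the alert link `https://github.com/bcgov/common-hosted-form-service/security/dependabot/**[DEPENDABOT_ID]**`. Dependabot opens one alert per advisory, so a single package in a single manifest directory can have several open alerts at the same sprint review, which with this template produces identically titled tickets that can only be told apart by opening each one. Suggest carrying the ID into the title, e.g. `- _Title_: Dependabot Vulnerability Alert #**[DEPENDABOT_ID]**: **[PACKAGE_NAME]** in **[MANIFEST_DIR]**`, which also makes "is there already a ticket for this alert?" a title search instead of a description search.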