Parses out information based on known assertions.

kelmryan/DocParser

Automated Risk Assessment of Microservices

The Automated Risk Assessment of Microservices (ARAM) is an automated CI/CD pipeline that automates best security practices for 3rd party microservices. The risk assessment is based on the security compliance researched by the OCIO team and agreed with the AO, in an effort to minimize risk while implementing best security practices.

Jenkins Risk Assessment

The following explains how to run the Jenkins automated risk assessment using the GitLab pipeline. This pipeline runs security policy checks against an active Jenkins server running in a specified environment. These checks are used in an attempt to identify the best security practices in accordance with:

Prerequisite

The following steps need to be taken prior to running the test.

  • Access to appstream
  • Access to gitlab on primrosenet
  • Access to the AMRA board on GDEV as a maintainer or higher
  • Establish variables within gitlab project including:
      • BASTION - User and IP address of jump box
      • BASTION_PUB - Bastion public key
      • JENKINS - URL to Jenkins server being assessed
      • JENKINS_SERVER - User and IP address of Jenkins server
      • TOKEN - (Optional) Used for interacting with

NOTE - This may require configuration and communication with the system owner of the Jenkins instance
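
A preflight check for the CI/CD variables listed above, written here as an added example (it is not code from the ARAM repository). The function names and the value formats it enforces (user@IPv4, one OpenSSH public key line, an http(s) URL without embedded credentials) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the ARAM repository. Assumed formats: BASTION and
# JENKINS_SERVER are user@IPv4, BASTION_PUB is one OpenSSH public key line,
# JENKINS is an http(s) URL. TOKEN is optional and is not inspected or printed.

# Succeeds if $1 looks like user@a.b.c.d with every octet in 0-255.
is_user_at_ip() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z_][A-Za-z0-9_.-]*@([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    ip=${1#*@}
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if $1 is a single public key line whose base64 blob begins with the
# encoding of its declared key type; a pasted private key or mismatched blob fails.
is_openssh_pubkey() {
    case "$1" in
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5"*) ;;
        "ssh-rsa AAAAB3NzaC1yc2E"*) ;;
        "ecdsa-sha2-nistp"???" AAAAE2VjZHNhLXNoYTItbmlzdHA"*) ;;
        *) return 1 ;;
    esac
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] &&
        printf '%s\n' "$1" | grep -Eq '^[a-z0-9-]+ [A-Za-z0-9+/]+={0,2}( .*)?$'
}

# Succeeds if $1 is an http(s) URL with no embedded user:password@ part,
# which would otherwise end up in job logs.
is_plain_url() {
    printf '%s\n' "$1" | grep -Eq '^https?://[A-Za-z0-9.-]+(:[0-9]{1,5})?(/[^[:space:]]*)?$'
}

# Reports each malformed variable on stderr; exit status is the problem count.
aram_preflight() {
    problems=0
    for name in BASTION JENKINS_SERVER; do
        eval "value=\${$name:-}"
        is_user_at_ip "$value" || { echo "$name: expected user@IPv4" >&2; problems=$((problems + 1)); }
    done
    is_openssh_pubkey "${BASTION_PUB:-}" ||
        { echo "BASTION_PUB: expected one OpenSSH public key line" >&2; problems=$((problems + 1)); }
    is_plain_url "${JENKINS:-}" ||
        { echo "JENKINS: expected http(s) URL without credentials" >&2; problems=$((problems + 1)); }
    return "$problems"
}
```

Calling `aram_preflight || exit 1` as the first step of a job makes a misconfigured variable fail early with a named error.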

Instructions

The following instructions guide a user through running a security assessment against a configured Jenkins server.

  1. Browser- Navigate to appstream
  2. Appstream- Open a browser and click the gitlab icon
  3. Appstream- Sign in to gitlab
  4. Appstream- Navigate to gitlab.primrosenet.net/ISRM/aram/-/pipelines/new
  5. Appstream- Click Run Pipeline button
  6. Appstream- Wait 2-4 minutes for the jobs to run
  7. Appstream- Evaluate Jobs that passed or failed
  8. Appstream- Click a job
  9. Appstream- Download artifacts (passed or failed) and save to Downloads folder
  10. Appstream- Open Notepad++ on appstream
  11. Appstream- Click File -> Open -> Downloads
  12. Appstream- Right click the artifacts and select Extract All...
  13. Appstream- Click Extract
  14. Appstream- Click results folder and then click the text file
  15. Appstream- Verify information

For failures, reference the Failed Jobs section.

Failed Jobs

  1. Browser- Reference Jenkins jobs
  2. Browser- Step through the Manual Assessment method of any jobs that may have failed
  3. Browser- Verify solution and create issues as needed
