Sha256: 102ecc3af4b1aa780ba6eafd7769bb4457dfb1016deb859321b48fa09c16145e
Size: 1.36 KB (stored size 1.36 KB)
Versions: 21

# 3. Security Scans

Date: <%= Date.today.iso8601 %>

## Status

Accepted

## Context

To keep the system secure, we need to learn of potential vulnerabilities, both in our own code and in
our dependencies, as early as possible so that we can mitigate them before they reach production.

## Decision

We will add four new scans to our CI/CD Pipeline.

### Brakeman

Brakeman is a static analysis scanner designed to find security issues in Ruby on Rails code. It can flag
potential SQL injection, command injection, open redirects, and other common vulnerabilities without
running the application.
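As an added example (not code from the rails_template_18f template), here is one way a pipeline step can turn Brakeman's report into a pass/fail decision. It assumes the preceding step ran `brakeman --no-pager -f json -o tmp/brakeman.json`, and relies on Brakeman labelling each warning's confidence `High`, `Medium` or `Weak`; the threshold, the script name and the message format are our own choices.

```ruby
# Added example, not code from the rails_template_18f template: a small CI gate
# over Brakeman's JSON report. Assumes the pipeline step before it ran
#   brakeman --no-pager -f json -o tmp/brakeman.json
# and relies on Brakeman labelling each warning's confidence "High", "Medium"
# or "Weak". The threshold, file path and message format are our own choices.
require "json"

CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Warnings at or above the minimum confidence, strongest first.
# Findings Brakeman lists under "ignored_warnings" (via config/brakeman.ignore)
# are not in "warnings", so they do not block the build.
def blocking_warnings(report, minimum: "Medium")
  threshold = CONFIDENCE_RANK.fetch(minimum)
  report.fetch("warnings", [])
        .select { |w| CONFIDENCE_RANK.fetch(w["confidence"], 0) >= threshold }
        .sort_by { |w| -CONFIDENCE_RANK.fetch(w["confidence"], 0) }
end

# One line per finding for the CI log.
def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} at #{w['file']}:#{w['line']} - #{w['message']}"
end

# Exit status for the CI step: 0 when nothing blocks, 1 otherwise.
def gate(report_json, minimum: "Medium")
  blocking = blocking_warnings(JSON.parse(report_json), minimum: minimum)
  blocking.each { |w| warn format_warning(w) }
  blocking.empty? ? 0 : 1
end

# Constructed sample in Brakeman's JSON shape (not output from a real scan).
SAMPLE_REPORT = <<~JSON
  {
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High",
       "file": "app/models/user.rb", "line": 12,
       "message": "Possible SQL injection"},
      {"warning_type": "Redirect", "confidence": "Weak",
       "file": "app/controllers/sessions_controller.rb", "line": 40,
       "message": "Possible unprotected redirect"}
    ],
    "ignored_warnings": []
  }
JSON

# Usage in the pipeline: ruby brakeman_gate.rb tmp/brakeman.json
if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  exit gate(File.read(ARGV[0]))
end
```

With the sample report, `gate(SAMPLE_REPORT)` returns 1 because of the High-confidence SQL injection warning; the Weak redirect warning alone would not fail the build at the default threshold. Lowering `minimum:` to `"Weak"` makes the gate strict; raising it to `"High"` trades noise for coverage.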

### Bundle Audit

bundle-audit checks the gems pinned in our `Gemfile.lock` against the ruby-advisory-db database of known vulnerabilities (CVEs).

### Yarn Audit

yarn audit checks the JavaScript packages pinned in our `yarn.lock` against the npm registry's database of known vulnerability advisories (CVEs).

### OWASP ZAP

[OWASP ZAP](https://www.zaproxy.org/) is a dynamic security scanner: it sends real attack traffic to a running instance of the application and reports the responses that indicate a weakness.

An additional `RAILS_ENV` called `ci` has been created for the ZAP scan. It inherits from `production` so
that the instance being attacked is configured as closely as possible to `production`, while allowing
narrowly scoped overrides such as bypassing authentication. Any such override is confined to the `ci`
environment so that it can never take effect in `production`.
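As an added example, not code from the rails_template_18f template, the following plain-Ruby sketch shows the shape of a "secure" authentication bypass for the scanner: a Rack-style middleware that signs a scanner identity in only when the environment is exactly `ci` and the request carries the expected token. The header name `X-CI-Auth-Token`, the `app.current_user` env key and the `CiAuthBypass` class are assumptions; the stand-in downstream app is constructed for the example and no Rack gem is needed to run it.

```ruby
# Added example, not code from the rails_template_18f template. Models the
# ci-only authentication bypass as a Rack-style middleware in plain Ruby.
# Assumptions (hypothetical names): the environment is selected with
# RAILS_ENV=ci, ZAP sends the bypass token in an X-CI-Auth-Token header, and
# the application reads the signed-in user from env["app.current_user"].
class CiAuthBypass
  HEADER = "HTTP_X_CI_AUTH_TOKEN" # Rack's env key for the X-CI-Auth-Token header

  def initialize(app, rails_env:, token:)
    @app = app
    @rails_env = rails_env
    @token = token
  end

  def call(env)
    env["app.current_user"] = { id: 0, role: "scanner" } if bypass?(env)
    @app.call(env)
  end

  private

  # Every condition must hold: correct environment, a configured non-empty
  # token, a presented token, and a constant-time match between the two.
  def bypass?(env)
    return false unless @rails_env == "ci"
    return false if @token.nil? || @token.empty?
    presented = env[HEADER]
    return false unless presented
    constant_time_equal?(presented, @token)
  end

  # Compares without short-circuiting on the first differing byte.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed stand-in for the application: 200 when a user is signed in,
# 401 otherwise, so the effect of the middleware is visible in the status.
DOWNSTREAM_APP = lambda do |env|
  if env["app.current_user"]
    [200, { "content-type" => "text/plain" }, ["ok"]]
  else
    [401, { "content-type" => "text/plain" }, ["unauthorized"]]
  end
end

# Runs one request through the middleware and returns the HTTP status.
def status_for(rails_env:, token:, header:)
  middleware = CiAuthBypass.new(DOWNSTREAM_APP, rails_env: rails_env, token: token)
  env = {}
  env[CiAuthBypass::HEADER] = header if header
  middleware.call(env).first
end
```

The middleware is only ever inserted from the `ci` environment's configuration (assumed here to be `config/environments/ci.rb`), so a production build never loads it; the `@rails_env == "ci"` check is a second line of defence in case that assumption is broken. The token should be generated per pipeline run and passed to both the application and ZAP through the job's secrets, never committed.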

## Consequences

Each pipeline run now reports security issues introduced by a change before it is merged, and each run
re-checks our software dependencies against the current advisory databases. Because the checks run only
when the pipeline runs, an advisory published after the last run is not reported until the pipeline runs
again; a scheduled periodic run closes that gap.

Our overall system security posture is improved by these additions.

Version data entries

21 entries across 21 versions & 1 rubygems

Path: templates/doc/adr/0003-security-scans.md.tt in rails_template_18f, versions 0.2.0 through 2.0.0