WIP - DO NOT MERGE - HOFF-422: Replace hof-rds-api Image (WAIT FOR REGRESSION TESTING) #56
What?
Fix vulnerabilities in the hof-rds-api image. These vulnerabilities can be in the base image and in Yarn packages. Also update the image from branch (dev) to prod. See ticket #HOFF-422.
Why?
The CVE List is a set of records that describe specific vulnerabilities or exposures. It is maintained by a large community of trusted entities and individuals.
A vulnerability is a flaw in a software, firmware, hardware, or service component that can be exploited to cause a negative impact to the confidentiality, integrity, or availability of an impacted component or components.
An exposure is a code or configuration error that can be exploited to gain indirect and often hard-to-discover access to application data such as customer information.
How?
Used Trivy to scan images; as a result, vulnerabilities were found in Yarn packages.
Used yarn upgrade to upgrade outdated and vulnerable packages to the latest versions.
Built a new hof-rds-api image with the upgraded Yarn packages; no vulnerabilities were found with the Trivy scanner.
Please refer to the Trivy report below:
https://confluence.bics-collaboration.homeoffice.gov.uk/display/FBISC/hoff+-+Trivy+-+hof-rds-api:f72489e134c4e80740cb919602409b61f82ae598
Testing?
Ingress URL for branch: https://ima-hoff-422.internal.branch.sas-notprod.homeoffice.gov.uk/your-details
Pods are healthy in Branch Env:
kubectl --context=acp-notprod_SAS --namespace=sas-ima-branch get pods | grep "hoff-422"
We will need to perform regression testing and merge these changes to the master branch to test the services in QAT.
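The "How?" section above runs Trivy, upgrades the Yarn packages it flags, rebuilds the image and rescans. The script below is an added example, not part of this PR or of the hof-rds-api project, showing how that loop can be turned into a repeatable gate over Trivy's `--format json` output: it separates base-image findings from Yarn findings, derives the `yarn upgrade` targets from the reported fixed versions, and fails the build only on fixable findings at or above a chosen severity. The embedded report is constructed for the example (package names, versions and CVE identifiers are placeholders); the field names assumed (`Results`, `Target`, `Type`, `Vulnerabilities`, `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`, `Severity`) follow the layout of Trivy's JSON report.

```python
import json
from collections import Counter

# Constructed sample in the shape of a Trivy `--format json` report.
# Field names follow Trivy's JSON layout; the image tag, package names,
# versions and CVE identifiers are placeholders invented for this example.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "hof-rds-api:placeholder-tag",
    "Results": [
        {
            "Target": "hof-rds-api:placeholder-tag (alpine placeholder)",
            "Class": "os-pkgs",
            "Type": "alpine",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-libc",
                 "InstalledVersion": "1.0.0-r0", "FixedVersion": "1.0.1-r0",
                 "Severity": "MEDIUM"},
            ],
        },
        {
            "Target": "app/yarn.lock",
            "Class": "lang-pkgs",
            "Type": "yarn",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "example-parser",
                 "InstalledVersion": "2.1.0", "FixedVersion": "2.1.4",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example-template",
                 "InstalledVersion": "0.9.0", "FixedVersion": "",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "example-logger",
                 "InstalledVersion": "4.0.0", "FixedVersion": "4.0.2",
                 "Severity": "LOW"},
            ],
        },
        # A result with no Vulnerabilities key, as Trivy emits for clean targets.
        {"Target": "app/Dockerfile", "Class": "config", "Type": "dockerfile"},
    ],
})

SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def _rank(severity):
    """Numeric rank of a Trivy severity; anything unrecognised ranks as UNKNOWN."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 0


def findings(report_json):
    """Flatten a Trivy JSON report into one dict per (target, vulnerability)."""
    report = json.loads(report_json)
    out = []
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            out.append({
                "target": result.get("Target", ""),
                "type": result.get("Type", ""),
                "id": v.get("VulnerabilityID", ""),
                "pkg": v.get("PkgName", ""),
                "installed": v.get("InstalledVersion", ""),
                "fixed": v.get("FixedVersion", "") or "",
                "severity": str(v.get("Severity", "UNKNOWN")).upper(),
            })
    return out


def summarize_by_type(report_json):
    """Count findings per scanner type: base image (e.g. 'alpine') vs 'yarn' packages."""
    return dict(Counter(f["type"] for f in findings(report_json)))


def gate(report_json, threshold="HIGH", ignore_unfixed=True):
    """Return (passes, blocking). A finding blocks when its severity is at or
    above `threshold`; with ignore_unfixed, findings that have no FixedVersion
    are excluded, since `yarn upgrade` cannot remove them and they need tracking
    rather than a failed build."""
    blocking = [
        f for f in findings(report_json)
        if _rank(f["severity"]) >= _rank(threshold)
        and not (ignore_unfixed and not f["fixed"])
    ]
    return (len(blocking) == 0, blocking)


def upgrade_plan(report_json):
    """Map each fixable Yarn package to the first fixed version Trivy reports,
    i.e. the targets for `yarn upgrade <pkg>@<version>`."""
    plan = {}
    for f in findings(report_json):
        if f["type"] != "yarn" or not f["fixed"]:
            continue
        # FixedVersion may list several comma-separated versions; take the first.
        plan.setdefault(f["pkg"], f["fixed"].split(",")[0].strip())
    return plan


if __name__ == "__main__":
    ok, blocking = gate(SAMPLE_REPORT)
    print("findings per type:", summarize_by_type(SAMPLE_REPORT))
    for f in blocking:
        print(f"BLOCK {f['severity']:<8} {f['id']} {f['pkg']} "
              f"{f['installed']} -> {f['fixed']} ({f['target']})")
    print("yarn upgrade plan:", upgrade_plan(SAMPLE_REPORT))
    print("gate:", "PASS" if ok else "FAIL")
```

In a pipeline the report would come from `trivy image --format json --output report.json <image>` before and after the `yarn upgrade` and rebuild; running `gate` on the second report is the machine-checkable version of "no vulnerabilities found with the Trivy scanner", and the unfixed CRITICAL in the sample shows why the gate reports fixable and unfixable findings separately instead of one flat count.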