UNCLASSIFIED - NO CUI

Iron Bank will be replacing the old container signing certificate with the new container signing certificate. No additional action is required. Users can find additional information regarding the certificate rotation and container signature verification here and here.

Currently supported Big Bang Version is 2.35

Daniel Pritchett requested to merge 52-finishes-mr-139-mr-feedback into main Jun 04, 2024

General MR

Summary

Adds extensive walkthrough of how+why our Fortify log4j XML configuration customization ended up in its current design. See docs/log-configuration.md in this MR for more.
Fixes missing environment variable bug by swapping out the alpine initContainer.image with another ssc image
Adds some additional notes to the log output in wait.sh to make it more clear what's being waited for and why it matters if the job fails

Relevant logs/screenshots

New Markdown+Mermaid developer walkthrough on how/why the logging is this way

See rendered Markdown with diagrams here: https://repo1.dso.mil/big-bang/product/packages/fortify/-/blob/b0797868138590fcedb9ff36f6bafdb92b3dc81f/docs/log-configuration.md

logs of the log4j-config-pinner container successfully interpolating `COM_FORTIFY_SSC_HOME` now that we've moved off of `alpine`

Updated `wait.sh`

✅ now more explicit about logging exactly what it's waiting for
✅ it passed locally
⚠ it took almost 10 minutes to pass, with fortify database seeds running for nearly 10 minutes and risking a flux timeout / retry that can break CI (or actual customer deploys, assuming 10 minute timeouts are their standard)

Linked Issue

follow-on bugfix to fortify#52

Upgrade Notices

N/A

Edited Jun 04, 2024 by Daniel Pritchett

UNCLASSIFIED - NO CUI