From c098a7f1fe4faa53a02509360424551cf233093f Mon Sep 17 00:00:00 2001 From: jeason Date: Fri, 9 Oct 2020 17:55:43 -0600 Subject: [PATCH 1/5] Project template: file templates --- .gitlab/CODEOWNERS | 7 ++++ .gitlab/issue_templates/Bug.md | 37 +++++++++++++++++++ .gitlab/issue_templates/Feature Request.md | 32 ++++++++++++++++ .../issue_templates/Leadership Question.md | 7 ++++ .../issue_templates/Onboarding Question.md | 7 ++++ .gitlab/issue_templates/Pipeline Failure.md | 31 ++++++++++++++++ 6 files changed, 121 insertions(+) create mode 100644 .gitlab/CODEOWNERS create mode 100644 .gitlab/issue_templates/Bug.md create mode 100644 .gitlab/issue_templates/Feature Request.md create mode 100644 .gitlab/issue_templates/Leadership Question.md create mode 100644 .gitlab/issue_templates/Onboarding Question.md create mode 100644 .gitlab/issue_templates/Pipeline Failure.md diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS new file mode 100644 index 0000000..33a2207 --- /dev/null +++ b/.gitlab/CODEOWNERS @@ -0,0 +1,7 @@ +[Pipelines] +.gitlab-ci.yml @ironbank-notifications/cht +.gitlab-ci.yaml @ironbank-notifications/cht + +[Gitlab Configuration Files] +.gitlab/* @ironbank-notifications/cht + diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md new file mode 100644 index 0000000..b22089e --- /dev/null +++ b/.gitlab/issue_templates/Bug.md @@ -0,0 +1,37 @@ +## Summary + +(Summarize the bug encountered concisely) + + +## Steps to reproduce + +(How one can reproduce the issue - this is very important) + + +## What is the current bug behavior? + +(What actually happens) + + +## What is the expected correct behavior? + +(What you should see instead) + + +## Relevant logs and/or screenshots + +(Paste any relevant logs - please use code blocks (```) to format console output, +logs, and code as it's very hard to read otherwise.) + + +## Possible fixes + +(If you can, link to the line of code that might be responsible for the problem) + + +## Defintion of Done +- [ ] Bug has been identified and corrected within the container + + +/label ~Bug +/cc @ironbank-notifications/bug diff --git a/.gitlab/issue_templates/Feature Request.md b/.gitlab/issue_templates/Feature Request.md new file mode 100644 index 0000000..391a37a --- /dev/null +++ b/.gitlab/issue_templates/Feature Request.md @@ -0,0 +1,32 @@ +## Feature description + +(Detailed description of the feature being requested) + + +## Use cases + + +(Detailed description of the use case for this feature) + + +## Benefits + +(How does this benefit others) + + +## Requirements + +(Any requirements for this feature to be enabled?) + + +## Links / references + +(List of links or references that support this feature) + + +## Definition of Done +- [ ] Feature has been implemented + + +/label ~Feature +/cc @ironbank-notifications/feature diff --git a/.gitlab/issue_templates/Leadership Question.md b/.gitlab/issue_templates/Leadership Question.md new file mode 100644 index 0000000..cba6237 --- /dev/null +++ b/.gitlab/issue_templates/Leadership Question.md @@ -0,0 +1,7 @@ +## Leadership question + +(Detailed description of the question you'd like to ask the leadership team) + + +/label ~"Question::Leadership" ~"To Do" +/cc @ironbank-notifications/leadership diff --git a/.gitlab/issue_templates/Onboarding Question.md b/.gitlab/issue_templates/Onboarding Question.md new file mode 100644 index 0000000..2205f72 --- /dev/null +++ b/.gitlab/issue_templates/Onboarding Question.md @@ -0,0 +1,7 @@ +## Onboarding question + +(Detailed description of the question you'd like to ask the onboarding team) + + +/label ~"Question::Onboarding" ~"To Do" +/cc @ironbank-notifications/onboarding diff --git a/.gitlab/issue_templates/Pipeline Failure.md b/.gitlab/issue_templates/Pipeline Failure.md new file mode 100644 index 0000000..c55f989 --- /dev/null +++ b/.gitlab/issue_templates/Pipeline Failure.md @@ -0,0 +1,31 @@ +## Summary + +(Summarize the pipeline issue encountered concisely) + + +## Link to failed pipeline + +(Link to the failed pipeline) + + +## What is the current bug behavior? + +(What actually happens) + + +## What is the expected correct behavior? + +(What you should see instead) + + +## Possible fixes + +(If you can, link to the line of code that might be responsible for the problem) + + +## Definition of Done +- [ ] Pipeline failure has been resolved + + +/label ~Pipeline +/cc @ironbank-notifications/pipelines -- GitLab From 40225cc1cda45c93e7b8e67c04cb0d76273ae3e7 Mon Sep 17 00:00:00 2001 From: jeason Date: Mon, 12 Oct 2020 11:12:32 -0600 Subject: [PATCH 2/5] Project template: file templates --- .gitlab/CODEOWNERS | 1 - .gitlab/issue_templates/Access Request.md | 16 +++++++++ .../issue_templates/Application - Archive.md | 21 +++++++++++ .../issue_templates/Application - Initial.md | 32 +++++++++++++++++ .../issue_templates/Application - Update.md | 35 +++++++++++++++++++ .gitlab/issue_templates/Bug.md | 2 +- .gitlab/issue_templates/Feature Request.md | 2 +- .../issue_templates/Leadership Question.md | 2 +- .gitlab/issue_templates/New Findings.md | 20 +++++++++++ .../issue_templates/Onboarding Question.md | 2 +- .gitlab/issue_templates/Pipeline Failure.md | 2 +- 11 files changed, 129 insertions(+), 6 deletions(-) create mode 100644 .gitlab/issue_templates/Access Request.md create mode 100644 .gitlab/issue_templates/Application - Archive.md create mode 100644 .gitlab/issue_templates/Application - Initial.md create mode 100644 .gitlab/issue_templates/Application - Update.md create mode 100644 .gitlab/issue_templates/New Findings.md diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 33a2207..64a2c68 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -4,4 +4,3 @@ [Gitlab Configuration Files] .gitlab/* @ironbank-notifications/cht - diff --git a/.gitlab/issue_templates/Access Request.md b/.gitlab/issue_templates/Access Request.md new file mode 100644 index 0000000..1a7b224 --- /dev/null +++ b/.gitlab/issue_templates/Access Request.md @@ -0,0 +1,16 @@ +## Summary + +The following individuals are requesting access to this project (one per line): +(List or tag all individuals here) + + +The access level should be: +- [ ] Developer access +- [ ] Remove access + + +## Definition of Done +- [ ] All accounts have been provided the necessary accesses + + +/label ~"Access" ~"To Do" \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Archive.md b/.gitlab/issue_templates/Application - Archive.md new file mode 100644 index 0000000..9f3b5fe --- /dev/null +++ b/.gitlab/issue_templates/Application - Archive.md @@ -0,0 +1,21 @@ +## Summary + +Requesting this application be archived due to one of the following reasons: +- [ ] Version is no longer supported by vendor +- [ ] Application is End-Of-Life +- [ ] License violation. +- [ ] Other. See below. + +## Detailed Description + +(Please provide a detailed description of why this application should be archived) + + +## Definition of Done +- [ ] Application has been reviewed for archival +- [ ] Project is officially marked as stale +- [ ] Iron Bank frontend no longer lists application as available or approved + + +/label ~"Container::Archive" +/cc @ironbank-notifications/archive \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Initial.md b/.gitlab/issue_templates/Application - Initial.md new file mode 100644 index 0000000..6594a05 --- /dev/null +++ b/.gitlab/issue_templates/Application - Initial.md @@ -0,0 +1,32 @@ +## Summary + +Requesting application to be hardened. This is only for initial hardening of a container. + + +## Version Information + +Current version: (State the current version of the application as you see it) + +Under support: (Is the updated version within the same major version of the application or is this a new major version?) + + +## Definition of Done +Hardening: +- [ ] Container builds successfully +- [ ] Greylist file has been created (requires a member from container hardening) +- [ ] Branch has been merged into `development` + +Justifications: +- [ ] All findings have been justified per the above documentation +- [ ] Justifications have been provided to the container hardening team + +Approval Process (container hardening team processes): +- [ ] Peer review from Container Hardening Team +- [ ] Findings Approver has reviewed and approved all justifications +- [ ] Approval request has been sent to Authorizing Official +- [ ] Approval request has been processed by Authorizing Official + + + +/label ~"Container::Initial" +/cc @ironbank-notifications/cht \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Update.md b/.gitlab/issue_templates/Application - Update.md new file mode 100644 index 0000000..caebb3e --- /dev/null +++ b/.gitlab/issue_templates/Application - Update.md @@ -0,0 +1,35 @@ +## Summary + +Requesting application be updated to a newer version. + + + +## Version Information + +Current version: (State the current version of the application as you see it) + +Updated version: (State the version you would like the application updated to) + +Under support: (Is the updated version within the same major version of the application or is this a new major version?) + + +## Definition of Done +Hardening: +- [ ] Container builds successfully +- [ ] Container version has been updated in greylist file +- [ ] Branch has been merged into `development` + +Justifications: +- [ ] All findings have been justified per the above documentation +- [ ] Justifications have been provided to the container hardening team + +Approval Process: +- [ ] Peer review from Container Hardening Team +- [ ] Findings Approver has reviewed and approved all justifications +- [ ] Approval request has been sent to Authorizing Official +- [ ] Approval request has been processed by Authorizing Official + + + +/label ~"Container::Update" +/cc @ironbank-notifications/updates \ No newline at end of file diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md index b22089e..1427a0c 100644 --- a/.gitlab/issue_templates/Bug.md +++ b/.gitlab/issue_templates/Bug.md @@ -34,4 +34,4 @@ logs, and code as it's very hard to read otherwise.) /label ~Bug -/cc @ironbank-notifications/bug +/cc @ironbank-notifications/bug \ No newline at end of file diff --git a/.gitlab/issue_templates/Feature Request.md b/.gitlab/issue_templates/Feature Request.md index 391a37a..a0e2f19 100644 --- a/.gitlab/issue_templates/Feature Request.md +++ b/.gitlab/issue_templates/Feature Request.md @@ -29,4 +29,4 @@ /label ~Feature -/cc @ironbank-notifications/feature +/cc @ironbank-notifications/feature \ No newline at end of file diff --git a/.gitlab/issue_templates/Leadership Question.md b/.gitlab/issue_templates/Leadership Question.md index cba6237..4674f82 100644 --- a/.gitlab/issue_templates/Leadership Question.md +++ b/.gitlab/issue_templates/Leadership Question.md @@ -4,4 +4,4 @@ /label ~"Question::Leadership" ~"To Do" -/cc @ironbank-notifications/leadership +/cc @ironbank-notifications/leadership \ No newline at end of file diff --git a/.gitlab/issue_templates/New Findings.md b/.gitlab/issue_templates/New Findings.md new file mode 100644 index 0000000..068d029 --- /dev/null +++ b/.gitlab/issue_templates/New Findings.md @@ -0,0 +1,20 @@ +## Summary + +Container has new findings discovered during continuous monitoring. + + + +## Definition of Done +Justifications: +- [ ] All findings have been justified +- [ ] Justifications have been provided to the container hardening team + +Approval Process: +- [ ] Findings Approver has reviewed and approved all justifications +- [ ] Approval request has been sent to Authorizing Official +- [ ] Approval request has been processed by Authorizing Official + + + +/label ~"Container::New Findings" +/cc @ironbank-notifications/security \ No newline at end of file diff --git a/.gitlab/issue_templates/Onboarding Question.md b/.gitlab/issue_templates/Onboarding Question.md index 2205f72..77dea11 100644 --- a/.gitlab/issue_templates/Onboarding Question.md +++ b/.gitlab/issue_templates/Onboarding Question.md @@ -4,4 +4,4 @@ /label ~"Question::Onboarding" ~"To Do" -/cc @ironbank-notifications/onboarding +/cc @ironbank-notifications/onboarding \ No newline at end of file diff --git a/.gitlab/issue_templates/Pipeline Failure.md b/.gitlab/issue_templates/Pipeline Failure.md index c55f989..28b82a9 100644 --- a/.gitlab/issue_templates/Pipeline Failure.md +++ b/.gitlab/issue_templates/Pipeline Failure.md @@ -28,4 +28,4 @@ /label ~Pipeline -/cc @ironbank-notifications/pipelines +/cc @ironbank-notifications/pipelines \ No newline at end of file -- GitLab From d62f33507be3ce8ba9e69398176b2f47f543f699 Mon Sep 17 00:00:00 2001 From: Joshua Eason Date: Wed, 17 Mar 2021 23:10:10 -0600 Subject: [PATCH 3/5] Project template: file templates --- .gitlab/issue_templates/Access Request.md | 3 + .../issue_templates/Application - Archive.md | 6 +- .../issue_templates/Application - Initial.md | 57 ++++++++++++++++--- .../issue_templates/Application - Update.md | 55 ++++++++++++++++-- .gitlab/issue_templates/Bug.md | 8 ++- .gitlab/issue_templates/Feature Request.md | 8 ++- .../issue_templates/Leadership Question.md | 5 ++ .gitlab/issue_templates/New Findings.md | 11 +++- .../issue_templates/Onboarding Question.md | 5 ++ .gitlab/issue_templates/Pipeline Failure.md | 9 ++- 10 files changed, 146 insertions(+), 21 deletions(-) diff --git a/.gitlab/issue_templates/Access Request.md b/.gitlab/issue_templates/Access Request.md index 1a7b224..2e3e8b7 100644 --- a/.gitlab/issue_templates/Access Request.md +++ b/.gitlab/issue_templates/Access Request.md @@ -13,4 +13,7 @@ The access level should be: - [ ] All accounts have been provided the necessary accesses + + + /label ~"Access" ~"To Do" \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Archive.md b/.gitlab/issue_templates/Application - Archive.md index 9f3b5fe..0304276 100644 --- a/.gitlab/issue_templates/Application - Archive.md +++ b/.gitlab/issue_templates/Application - Archive.md @@ -17,5 +17,7 @@ Requesting this application be archived due to one of the following reasons: - [ ] Iron Bank frontend no longer lists application as available or approved -/label ~"Container::Archive" -/cc @ironbank-notifications/archive \ No newline at end of file + + + +/label ~"Container::Archive" \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Initial.md b/.gitlab/issue_templates/Application - Initial.md index 6594a05..7ddab91 100644 --- a/.gitlab/issue_templates/Application - Initial.md +++ b/.gitlab/issue_templates/Application - Initial.md @@ -7,26 +7,69 @@ Requesting application to be hardened. This is only for initial hardening of a c Current version: (State the current version of the application as you see it) -Under support: (Is the updated version within the same major version of the application or is this a new major version?) +## Communication + +All communication should occur through this issue. This ensures that all information is documented in a centralized location and also ensures that all of the assignees are notified of updates. It is imperative that all required parties are listed as assignees of this issue and that individuals are not removed. Please do not remove anyone from the assignee list. + +If you need to contact the Container Hardening team, please identify your assigned point of contact. You can find your point of contact by: +1. They should be listed as an assignee on this ticket +2. They should be listed in the `hardening_manifest.yaml` file under the `maintainers` section with a field of `cht_member: true` + +If you have no assignee, feel free to tag Container Hardening leadership in your issue by commenting on this issue with your questions/concerns and then add `/cc @ironbank-notifications/leadership`. Gitlab will automatically notify all Container Hardening leadership to look at this issue and respond. + + +## Responsibilities + +If this application is owned by a Contributor or Vendor (identifed as `Owner::Contributor` and `Owner::Vendor` respectively), then it is your responsibility to drive this issue through completion. This means that the Container Hardening team is not here to help push any deadlines/timeframes you may have with other customers or DoD agencies. If you have issues with the activity, you may notify Container Hardening leadership above. Do not change the ownership labels. ## Definition of Done + Hardening: -- [ ] Container builds successfully -- [ ] Greylist file has been created (requires a member from container hardening) +- [ ] Hardening manifest is created and adheres to the schema (https://repo1.dsop.io/ironbank-tools/ironbank-pipeline/-/blob/master/schema/hardening_manifest.schema.json) +- [ ] Container builds successfully through the Gitlab CI pipeline - [ ] Branch has been merged into `development` +- [ ] Project is configured for automatic renovate updates (if possible) Justifications: - [ ] All findings have been justified per the above documentation -- [ ] Justifications have been provided to the container hardening team +- [ ] Justifications have been attached to this issue +- [ ] Apply the label `Approval` to indicate this container is ready for the approval phase + +Note: The justifications must be provided in a timely fashion. Failure to do so could result in new findings being identified which may start this process over. -Approval Process (container hardening team processes): +Approval Process (Container Hardening Team processes): - [ ] Peer review from Container Hardening Team - [ ] Findings Approver has reviewed and approved all justifications - [ ] Approval request has been sent to Authorizing Official - [ ] Approval request has been processed by Authorizing Official +Note: If the above approval process is kicked back for any reason, the `Approval` label will be removed and the issue will be sent back to `Open`. Any comments will be listed in this issue for you to address. Once they have been addressed, you may re-add the `Approval` label. + +## Post Approval + +### Continuous Monitoring + +Once a container is approved, the `Approved` label will be applied to this issue and it will be closed. You will be able to find your applications on http://ironbank.dsop.io and https://registry1.dsop.io. + +In addition to the above, your application will now be subscribed to continuous monitoring. This means that any new findings discovered as part of this will need justifications. To satisfy this process, any new findings will trigger a new Gitlab issue in this project with the label `Container::New Findings`. All members listed in the `maintainers` section of the `hardening_manifest.yaml` file will automatically be assigned. It is your responsibility as a Contributor or Vendor to monitor for this and provide justifications in a timely fashion. This newly created issue will have all the instructions necessary to complete the process. Failure to provide justifications could result in the revocation of the application's approval status. + +### Updates + +It is imperative that application updates be submitted as quickly as possible. We do not want applications to become stale. To help with this process, Ironbank recommends using a tool called [Renovate](https://github.com/renovatebot/renovate). This requires a `renovate.json` file to be placed in your project and can automate the creation of issues and merge requests. + +If not using Renovate, it will be up to you as a Contributor or Vendor to keep this image up-to-date at all times. When you wish to submit an application update, you must create a new issue in this project using the `Application - Update` template and associate it with the corresponding merge request. If you submit a merge request alone, work will not proceed until a related issue is created. These issues are tracked using the label `Container::Update`. + +Additionally, it is imperative that all updates must be followed through to completion. Simply submitting an application update but not following through on justifications and approvals does not suffice and risk your application's approval status being revoked. + +### Bugs + +Occassionally, users may file bug reports for your application. It is your responsibility to monitor for these since they are created inside your project repository. Assignees will automatically be populated by the `members` section of the `hardening_manifest.yaml` file and will have the label `Bug`. + + + + + -/label ~"Container::Initial" -/cc @ironbank-notifications/cht \ No newline at end of file +/label ~"Container::Initial" \ No newline at end of file diff --git a/.gitlab/issue_templates/Application - Update.md b/.gitlab/issue_templates/Application - Update.md index caebb3e..569e75d 100644 --- a/.gitlab/issue_templates/Application - Update.md +++ b/.gitlab/issue_templates/Application - Update.md @@ -13,15 +13,38 @@ Updated version: (State the version you would like the application updated to) Under support: (Is the updated version within the same major version of the application or is this a new major version?) +## Communication + +All communication should occur through this issue. This ensures that all information is documented in a centralized location and also ensures that all of the assignees are notified of updates. It is imperative that all required parties are listed as assignees of this issue and that individuals are not removed. Please do not remove anyone from the assignee list. + +If you need to contact the Container Hardening team, please identify your assigned point of contact. You can find your point of contact by: +1. They should be listed as an assignee on this ticket +2. They should be listed in the `hardening_manifest.yaml` file under the `maintainers` section with a field of `cht_member: true` + +If you have no assignee, feel free to tag Container Hardening leadership in your issue by commenting on this issue with your questions/concerns and then add `/cc @ironbank-notifications/leadership`. Gitlab will automatically notify all Container Hardening leadership to look at this issue and respond. + + +## Responsibilities + +If this application is owned by a Contributor or Vendor (identifed as `Owner::Contributor` and `Owner::Vendor` respectively), then it is your responsibility to drive this issue through completion. This means that the Container Hardening team is not here to help push any deadlines/timeframes you may have with other customers or DoD agencies. If you have issues with the activity, you may notify Container Hardening leadership above. Do not change the ownership labels. + + ## Definition of Done Hardening: -- [ ] Container builds successfully -- [ ] Container version has been updated in greylist file +- [ ] Hardening manifest has been updated and adheres to the schema (https://repo1.dsop.io/ironbank-tools/ironbank-pipeline/-/blob/master/schema/hardening_manifest.schema.json) +- [ ] Container builds successfully throughthe Gitlab CI pipeline - [ ] Branch has been merged into `development` +- [ ] Project is configured for automatic renovate updates (if possible) + +No new findings: +- [ ] There are no new findings in this update. Skip the Justifications and Approval Process steps and apply the label `Approval` Justifications: - [ ] All findings have been justified per the above documentation - [ ] Justifications have been provided to the container hardening team +- [ ] Skip the Justifications and Approval Process steps and apply the label `Approval` + +Note: The justifications must be provided in a timely fashion. Failure to do so could result in new findings being identified which may start this process over. Approval Process: - [ ] Peer review from Container Hardening Team @@ -29,7 +52,31 @@ Approval Process: - [ ] Approval request has been sent to Authorizing Official - [ ] Approval request has been processed by Authorizing Official +Note: If the above approval process is kicked back for any reason, the `Approval` label will be removed and the issue will be sent back to `Open`. Any comments will be listed in this issue for you to address. Once they have been addressed, you may re-add the `Approval` label. + + +## Post Approval + +### Continuous Monitoring + +Once a container is approved, the `Approved` label will be applied to this issue and it will be closed. You will be able to find your applications on http://ironbank.dsop.io and https://registry1.dsop.io. + +In addition to the above, your application will now be subscribed to continuous monitoring. This means that any new findings discovered as part of this will need justifications. To satisfy this process, any new findings will trigger a new Gitlab issue in this project with the label `Container::New Findings`. All members listed in the `maintainers` section of the `hardening_manifest.yaml` file will automatically be assigned. It is your responsibility as a Contributor or Vendor to monitor for this and provide justifications in a timely fashion. This newly created issue will have all the instructions necessary to complete the process. Failure to provide justifications could result in the revocation of the application's approval status. + +### Updates + +It is imperative that application updates be submitted as quickly as possible. We do not want applications to become stale. To help with this process, Ironbank recommends using a tool called [Renovate](https://github.com/renovatebot/renovate). This requires a `renovate.json` file to be placed in your project and can automate the creation of issues and merge requests. + +If not using Renovate, it will be up to you as a Contributor or Vendor to keep this image up-to-date at all times. When you wish to submit an application update, you must create a new issue in this project using the `Application - Update` template and associate it with the corresponding merge request. If you submit a merge request alone, work will not proceed until a related issue is created. These issues are tracked using the label `Container::Update`. + +Additionally, it is imperative that all updates must be followed through to completion. Simply submitting an application update but not following through on justifications and approvals does not suffice and risk your application's approval status being revoked. + +### Bugs + +Occassionally, users may file bug reports for your application. It is your responsibility to monitor for these since they are created inside your project repository. Assignees will automatically be populated by the `members` section of the `hardening_manifest.yaml` file and will have the label `Bug`. + + + -/label ~"Container::Update" -/cc @ironbank-notifications/updates \ No newline at end of file +/label ~"Container::Update" \ No newline at end of file diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md index 1427a0c..069eaf0 100644 --- a/.gitlab/issue_templates/Bug.md +++ b/.gitlab/issue_templates/Bug.md @@ -33,5 +33,9 @@ logs, and code as it's very hard to read otherwise.) - [ ] Bug has been identified and corrected within the container -/label ~Bug -/cc @ironbank-notifications/bug \ No newline at end of file + + + + + +/label ~Bug \ No newline at end of file diff --git a/.gitlab/issue_templates/Feature Request.md b/.gitlab/issue_templates/Feature Request.md index a0e2f19..aad0671 100644 --- a/.gitlab/issue_templates/Feature Request.md +++ b/.gitlab/issue_templates/Feature Request.md @@ -28,5 +28,9 @@ - [ ] Feature has been implemented -/label ~Feature -/cc @ironbank-notifications/feature \ No newline at end of file + + + + + +/label ~Feature \ No newline at end of file diff --git a/.gitlab/issue_templates/Leadership Question.md b/.gitlab/issue_templates/Leadership Question.md index 4674f82..b2cf9e5 100644 --- a/.gitlab/issue_templates/Leadership Question.md +++ b/.gitlab/issue_templates/Leadership Question.md @@ -3,5 +3,10 @@ (Detailed description of the question you'd like to ask the leadership team) + + + + + /label ~"Question::Leadership" ~"To Do" /cc @ironbank-notifications/leadership \ No newline at end of file diff --git a/.gitlab/issue_templates/New Findings.md b/.gitlab/issue_templates/New Findings.md index 068d029..867f832 100644 --- a/.gitlab/issue_templates/New Findings.md +++ b/.gitlab/issue_templates/New Findings.md @@ -8,13 +8,20 @@ Container has new findings discovered during continuous monitoring. Justifications: - [ ] All findings have been justified - [ ] Justifications have been provided to the container hardening team +- [ ] `Approval` label has been applied + +Note: The justifications must be provided in a timely fashion. Failure to do so could result in new findings being identified which may start this process over. Approval Process: - [ ] Findings Approver has reviewed and approved all justifications - [ ] Approval request has been sent to Authorizing Official - [ ] Approval request has been processed by Authorizing Official +Note: If the above approval process is kicked back for any reason, the `Approval` label will be removed and the issue will be sent back to `Open`. Any comments will be listed in this issue for you to address. Once they have been addressed, you may re-add the `Approval` label. + + + + -/label ~"Container::New Findings" -/cc @ironbank-notifications/security \ No newline at end of file +/label ~"Container::New Findings" \ No newline at end of file diff --git a/.gitlab/issue_templates/Onboarding Question.md b/.gitlab/issue_templates/Onboarding Question.md index 77dea11..ae8011e 100644 --- a/.gitlab/issue_templates/Onboarding Question.md +++ b/.gitlab/issue_templates/Onboarding Question.md @@ -3,5 +3,10 @@ (Detailed description of the question you'd like to ask the onboarding team) + + + + + /label ~"Question::Onboarding" ~"To Do" /cc @ironbank-notifications/onboarding \ No newline at end of file diff --git a/.gitlab/issue_templates/Pipeline Failure.md b/.gitlab/issue_templates/Pipeline Failure.md index 28b82a9..36aa982 100644 --- a/.gitlab/issue_templates/Pipeline Failure.md +++ b/.gitlab/issue_templates/Pipeline Failure.md @@ -27,5 +27,10 @@ - [ ] Pipeline failure has been resolved -/label ~Pipeline -/cc @ironbank-notifications/pipelines \ No newline at end of file + + + + + + +/label ~Pipeline \ No newline at end of file -- GitLab From 95763a547d08d072fe96368351a2af4e65bc7f95 Mon Sep 17 00:00:00 2001 From: ironbank-bot Date: Mon, 14 Jun 2021 15:12:03 +0000 Subject: [PATCH 4/5] Master: Update minio/mc:RELEASE.2021-06-08T01-29-37Z Docker digest to 4df1b8b --- Dockerfile | 2 +- hardening_manifest.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 94f25e3..87479e8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=latest -FROM minio/mc:RELEASE.2021-06-08T01-29-37Z as base +FROM minio/mc:RELEASE.2021-06-13T17-48-22Z as base FROM $BASE_REGISTRY/$BASE_IMAGE:$BASE_TAG diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 3ff089c..ceeb9f5 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "opensource/minio/mc" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "RELEASE.2021-06-08T01-29-37Z" +- "RELEASE.2021-06-13T17-48-22Z" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "https://docs.min.io/docs/minio-client-complete-guide.html" # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "MinIO" - org.opencontainers.image.version: "RELEASE.2021-06-08T01-29-37Z" + org.opencontainers.image.version: "RELEASE.2021-06-13T17-48-22Z" # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "utilities" # This value can be "opensource" or "commercial" @@ -37,8 +37,8 @@ labels: # List of resources to make available to the offline build context resources: -- tag: minio/mc:RELEASE.2021-06-08T01-29-37Z - url: docker://docker.io/minio/mc@sha256:3f369fdf8f52c9ab21b3c013b3334b921ae9ef3b3176357d81e0f96a6595d2ea +- tag: minio/mc:RELEASE.2021-06-13T17-48-22Z + url: docker://docker.io/minio/mc@sha256:bfd7b4c7751014233570e3fae765ccb7c65ac9e6346bd6effe6cfb1aa9ee6fc0 # List of project maintainers maintainers: -- GitLab From f4ee8a3da4e294ccd37d5375e00e0ce2b203c69a Mon Sep 17 00:00:00 2001 From: echi Date: Thu, 26 Aug 2021 21:51:08 -0400 Subject: [PATCH 5/5] fixed conflicts --- Dockerfile | 4 ---- hardening_manifest.yaml | 13 ------------- 2 files changed, 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 610609e..8a9bd99 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,11 +2,7 @@ ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=latest -<<<<<<< HEAD -FROM minio/mc:RELEASE.2021-06-13T17-48-22Z as base -======= FROM minio/mc:RELEASE.2021-07-27T06-46-19Z as base ->>>>>>> origin/development FROM $BASE_REGISTRY/$BASE_IMAGE:$BASE_TAG diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index ba86543..c199951 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,11 +8,7 @@ name: "opensource/minio/mc" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -<<<<<<< HEAD -- "RELEASE.2021-06-13T17-48-22Z" -======= - "RELEASE.2021-07-27T06-46-19Z" ->>>>>>> origin/development - "latest" # Build args passed to Dockerfile ARGs @@ -31,11 +27,7 @@ labels: org.opencontainers.image.url: "https://docs.min.io/docs/minio-client-complete-guide.html" # Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "MinIO" -<<<<<<< HEAD - org.opencontainers.image.version: "RELEASE.2021-06-13T17-48-22Z" -======= org.opencontainers.image.version: "RELEASE.2021-07-27T06-46-19Z" ->>>>>>> origin/development # Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "utilities" # This value can be "opensource" or "commercial" @@ -45,13 +37,8 @@ labels: # List of resources to make available to the offline build context resources: -<<<<<<< HEAD -- tag: minio/mc:RELEASE.2021-06-13T17-48-22Z - url: docker://docker.io/minio/mc@sha256:bfd7b4c7751014233570e3fae765ccb7c65ac9e6346bd6effe6cfb1aa9ee6fc0 -======= - tag: minio/mc:RELEASE.2021-07-27T06-46-19Z url: docker://docker.io/minio/mc@sha256:4ee74e7e471a39bc695907b7a4f06ae273fd660a1d919253308d1f0566de7a14 ->>>>>>> origin/development # List of project maintainers maintainers: -- GitLab