Conmon: Run pages, fix compliance scan download #2331

Open
wants to merge 2 commits into
base: main

@pburkholder pburkholder commented Nov 3, 2022

Changes proposed in this pull request:

  • Adds running Pages scans
  • Fix compliance scan report download

security considerations

These steps are now too complex for a human to successfully execute on, and we need to invest in automating....

@pburkholder pburkholder requested a review from a team November 3, 2022 15:26
@pburkholder pburkholder changed the title Add pages steps (first iteration) Conmon: Run pages, fix compliance scan download Nov 3, 2022
In total, you'll run three scans:
* For external sites (PaaS sites that do not require a GSA origin IP address)
* For internal sites (PaaS sites that do GSA origin IP address)
* For sites
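
Review bot: The third bullet, `* For sites`, ends before naming which sites the third scan covers, and the second bullet, "PaaS sites that do GSA origin IP address", is missing its verb. Complete both bullets in the same parenthetical form as the first so that each of the three scans states which sites it covers and whether they require a GSA origin IP address.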

Does this thought need to be finished?


@jameshochadel jameshochadel left a comment

Two minor changes, otherwise LGTM!

Comment on lines +67 to +68
* For internal sites (PaaS sites that do GSA origin IP address)
* For sites

Suggested change
* For internal sites (PaaS sites that do GSA origin IP address)
* For sites
* For internal sites (PaaS sites that do require a GSA origin IP address)
* For Pages sites (none of which require a GSA origin IP address)

@@ -71,6 +76,9 @@ The following steps are for the `external` scan (except as noted):
- In the ZAP-configured Firefox, log in to each site in the context list.
- For the **`external` context, use your "sandbox" identity**. VPN not needed.
- For the **`internal` context, use your Cloud Ops (GSA SecureAuth) identity**, and join the VPN
- For the **`pages` context, use your Cloud Ops identity**
- You should be non-privileged (e.g. site owner) user of Pages for the main app
- You shoudl be a _support_ user of Pages for the admin app
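
Review bot: The new `pages` context line names the identity to log in with but, unlike the `external` ("VPN not needed") and `internal` ("join the VPN") lines above it, does not say whether the VPN is required; state it explicitly so the operator does not have to guess the network path for the scan. In the two sub-bullets, "shoudl" is a typo for "should", and "be non-privileged (e.g. site owner) user" needs an article ("be a non-privileged").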

Suggested change
- You shoudl be a _support_ user of Pages for the admin app
- You should be a _support_ user of Pages for the admin app
