Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security improvements #605

Open
5 of 6 tasks
resir014 opened this issue Aug 9, 2021 · 3 comments
Open
5 of 6 tasks

Security improvements #605

resir014 opened this issue Aug 9, 2021 · 3 comments
Assignees
@zainfathoni
Labels
dx Developer Experience epic A master issue thread which contains other smaller issues hacktoberfest Issues for Hacktoberfest security Web security
Projects
Prioritization Kanban Board
Milestone
Further Optimizat...

Comments

@resir014
Copy link
Member

resir014 commented Aug 9, 2021
edited by zainfathoni

Overview

This is a master issue to track all security-related improvements to WBW.

Currently the WBW website is still missing some essential security headers, as detected by securityheaders.com

image

Current Tasks
@resir014 resir014 added epic A master issue thread which contains other smaller issues dx Developer Experience labels Aug 9, 2021
@resir014 resir014 added the security Web security label Aug 9, 2021
@resir014 resir014 added this to the Further Optimizations milestone Aug 9, 2021
@resir014 resir014 added this to Needs triage in Prioritization via automation Aug 9, 2021
@resir014
Copy link
Member Author

image

Thanks to the changes implemented here, our security score is now at A. 🎉

However, we still need to implement proper security vulnerability reporting measures, as dictated by #482. Please direct all attentions for this epic to that issue from now on.

@resir014
Copy link
Member Author

All of these tasks are done!

However, Snyk still gives us a security score of B, due to our use of Lodash, as mentioned here:

image

Shall we keep this issue open until this issue is resolved, or should we close this and let this be tracked in #374? @zainfathoni @mazipan

@zainfathoni
Copy link
Member

zainfathoni commented Aug 15, 2021
edited

Let's keep it open and add #374 as a task in this epic since we can track the same issue in multiple epics.
That would emphasize the importance of #374.

@resir014 resir014 moved this from Needs triage to High priority in Prioritization Aug 16, 2021
@resir014 resir014 added this to To do in Kanban Board via automation Aug 16, 2021
@resir014 resir014 moved this from To do to In progress in Kanban Board Aug 16, 2021
@zainfathoni zainfathoni added the hacktoberfest Issues for Hacktoberfest label Oct 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zainfathoni zainfathoni

Labels
dx Developer Experience epic A master issue thread which contains other smaller issues hacktoberfest Issues for Hacktoberfest security Web security
Projects
Kanban Board
In progress
Prioritization
High priority
Milestone
Further Optimizations
Development

No branches or pull requests
2 participants
@resir014 @zainfathoni