sop_security_mr_review
Last updated: 2024-09-17 21:09:19.528540 File source: link on GitLab
Process for Security Team for PR Review
Familiarise yourself with the Secure Coding Guidelines here: Secure Coding Guidelines
Familiarise yourself with DefectDojo here: Vulnerability Management
Check whether any High/Critical severity issues were found for the commit associated with the PR/MR.
Log in to DefectDojo.
If the issue/vulnerability is easily understood by the developer and can be fixed, the developer should fix it.
If the vulnerability/issue needs enrichment, create an issue on the repo using the ticketing template from here: Vulnerability Management
Make sure to include the secvuln label.
Assign it to the developer.
If the vulnerability cannot be fixed, add the exception label to the ticket along with secvuln and include the reason for the decision in a comment.