Background
Absa is paying for Aquasec Platform to scan the repository, discover and report security vulnerabilities in it.
The findings can be nicely synced with the GitHub Security Alerts, so that they're closer to the repository and the code, and we can also create a list of tickets for DevOps / Backend engineers to work on in order to mitigate or fix these.
Feature
Aquasec security findings are synchronized with GitHub Security Issues so that we are informed about the current state of things.
Proposed Solution
We already have tooling for this: https://github.com/AbsaOSS/organizational-workflows/blob/master/docs/security/security.md