Document Hopper Team vulnerability triage process
Description
Further details
As part of our divisional DevSecOps standardisation, we are aiming for the whole division to start using the triage features in GitLab vulnerability scanning / management.
Hopper team are already using these as part of Digital Admissions (see https://gitlab.developers.cam.ac.uk/uis/devops/digital-admissions/operational-support-and-helpdesk/-/issues/113 for an example).
We should therefore document what we are already doing so this can form the first part of iterating towards a divisional policy / standard.
Task list
- Determine what our vulnerability triage process is
  - (Is it simply "follow the ticket"?)
  - (Are there gaps in the ticket / bits that are "open to interpretation"?)
- Document our vulnerability triage process in the DevOps Guidebook
- Update the vuln report template in https://gitlab.developers.cam.ac.uk/uis/devops/digital-admissions/operational-support-and-helpdesk/ if necessary
Acceptance criteria
- Document our vulnerability triage process in the DevOps Guidebook
- Update the vuln report template in https://gitlab.developers.cam.ac.uk/uis/devops/digital-admissions/operational-support-and-helpdesk/ if necessary
Links/references
Edited by Benjamin Woods