Hasty Briefs

We Fixed 2k+ Security Issues (2023)

a year ago
  • #DevOps
  • #OpenSource
  • #Security
  • Dgraph Labs Inc. implemented Continuous Security Audits to detect and remediate security issues in its open source offerings.
  • Integrated the scanning toolset with GitHub Actions so findings surface in CI, improving visibility and speeding up resolution.
  • Addressed over 2,000 security issues in roughly 3 months, strengthening the company's SOC 2 compliance posture.
  • Security audits focus on three layers: Code, Binary Artifacts, and Docker Images.
  • Code layer audits include dependency package checks (CVEs) and static analysis (Linters).
  • Binary Artifacts layer: binaries are built in a secured environment and their SHA checksums are validated so consumers can verify integrity.
  • Docker Images layer: base-image Linux packages are kept up to date so images do not ship with known vulnerabilities.
  • CVEs (Common Vulnerabilities and Exposures) are identifiers for tracking software vulnerabilities.
  • Linters are automated tools for detecting code issues, improving quality and security.
  • Continuous Security Audits cover the Code & Build phase (Aqua Trivy scans in CI) and the Post-Release phase (Snyk scans of published artifacts).
  • The GitHub Security tab is used to visualize, triage, and resolve reported security issues in one place.
  • Dependabot is enabled to auto-remediate vulnerable dependencies by opening version-bump pull requests.
  • Tracked fixes via GitHub, showing a decrease in reported issues over time.
  • Achieved significant results: resolved 2k+ security issues and 1k+ CVEs across projects.
  • Future focus includes exploring AI-driven security tools and auto-remediation solutions.
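The three-layer pipeline summarized above (Trivy in the Code & Build phase, results in the GitHub Security tab, Dependabot for dependency bumps, checksum validation for binaries, image scanning for Docker) can be wired up with two GitHub configuration files. What follows is an added example written for this summary, not Dgraph's own workflow; it assumes a Go project (Dgraph is written in Go, but the page does not say so), a `Dockerfile` at the repository root, a `./cmd/app` main package, and hypothetical file and artifact names. The actions and inputs used (`aquasecurity/trivy-action`, `github/codeql-action/upload-sarif`, `actions/upload-artifact`, `actions/download-artifact`) are real; the two YAML documents are separated by `---` and would normally live in separate files.

```yaml
# .github/workflows/security-scan.yml  (hypothetical file name)
name: security-scan

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly re-scan catches CVEs published after the last commit

permissions:
  contents: read
  security-events: write  # required to upload SARIF into the Security tab

jobs:
  code-layer:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Code layer: dependency CVEs from go.mod/go.sum plus misconfig checks on the tree
      - name: Trivy filesystem scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-fs.sarif
          severity: CRITICAL,HIGH
          exit-code: "0"          # report instead of blocking; triage happens in the Security tab
      - name: Upload code-layer results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-fs.sarif
          category: trivy-fs      # keeps fs and image findings as separate alert streams

  docker-image-layer:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build image
        run: docker build -t local/app:${{ github.sha }} .
      # Docker Images layer: outdated OS packages inside the base image
      - name: Trivy image scan
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: local/app:${{ github.sha }}
          format: sarif
          output: trivy-image.sarif
          severity: CRITICAL,HIGH
          ignore-unfixed: true    # only report CVEs the distro already ships a fix for
      - name: Upload image-layer results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-image.sarif
          category: trivy-image

  binary-artifacts-layer:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      # Binary Artifacts layer: build in a clean runner and record the checksum next to the binary
      - name: Build and record checksum
        run: |
          set -euo pipefail
          CGO_ENABLED=0 go build -trimpath -o dist/app ./cmd/app   # package path is an assumption
          (cd dist && sha256sum app > SHA256SUMS)
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  verify-artifact:
    needs: binary-artifacts-layer
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
      # Same command a downstream consumer runs; a single mismatch fails the job
      - name: Verify checksum before release
        run: sha256sum --check --strict SHA256SUMS

---
# .github/dependabot.yml : auto-remediation by version-bump pull requests
version: 2
updates:
  - package-ecosystem: gomod          # Go module dependencies
    directory: /
    schedule:
      interval: weekly
    open-pull-requests-limit: 10
  - package-ecosystem: docker         # base image tags in the Dockerfile
    directory: /
    schedule:
      interval: weekly
  - package-ecosystem: github-actions # the actions pinned in the workflow above
    directory: /
    schedule:
      interval: weekly
```

Both Trivy jobs upload SARIF with a distinct `category`, so the Security tab shows code-layer and image-layer alerts as separate streams and a fix in one does not silently close alerts in the other. The `exit-code: "0"` setting matches the triage-first approach described on this page; once the backlog is cleared, flipping it to `"1"` turns the scan into a merge gate.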