MSE-CyberSec-DevSecOps/docs/questions-part2.md
2025-04-16 21:31:34 +02:00


# Questions
## Part 2
- **Q2.1**: Every commit triggers the CI/CD pipeline. Find out a way to trigger the pipeline only when specific commits (e.g. commits in a development branch) are made. Where can this be configured? Describe your solution and implement it in your pipeline.
- **Q2.2**: Take the [CIS controls](./CIS_Controls_v8_Online.22.02.pdf) and give some examples (minimum 5) of controls from this standard that are not implemented, or not sufficiently implemented, in the calculator app. Provide a short description and a possible remediation. Implement at least two of the controls in the app / pipeline.
- **Q2.3 (optional)**: The linter from question 1.3 is a good start, but it is only executed in your pipeline. What if you also integrated it directly into your local development environment (e.g. IDE)? Can you do the linting before you commit? Describe your solution and implement it in your (local) pipeline. Describe the advantages and disadvantages of this approach.
# Answers - Part 2
## Q2.1
The solution is to add a `rules` section that attaches a condition to the job, so the job only runs when the condition matches. This is what is implemented for the `docker-build` job. Another option is to use an `only` section, which triggers the job only if the change is made on a specific branch. This is what is implemented for the `pages` job.
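The two mechanisms described above, as an added `.gitlab-ci.yml` example that is not the project's own pipeline file. It assumes GitLab CI, the job names `docker-build` and `pages` from the answer, and the branch names `develop` and `main`:

```yaml
# Added example: a minimal GitLab CI pipeline restricting when two jobs run.
# Assumed job names (docker-build, pages) and branch names (develop, main).
stages:
  - build
  - deploy

docker-build:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  script:
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .
  rules:
    # Run for commits pushed to the development branch ...
    - if: '$CI_COMMIT_BRANCH == "develop"'
    # ... and for merge requests targeting main (review builds).
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
    # Any other commit (feature branches, tags, schedules) skips this job.
    - when: never

pages:
  stage: deploy
  script:
    - mkdir -p public
    - cp -r docs/* public/
  artifacts:
    paths:
      - public
  # Older branch-filter syntax: deploy the site only from main.
  only:
    - main
```

`rules` and `only`/`except` cannot be combined in the same job (GitLab rejects the configuration), and a job whose `rules` list matches nothing is simply not added to the pipeline, so the trailing `when: never` only makes the default explicit.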
## Q2.2
### Example 1 - 3.6 Encrypt Data on End-User Devices
**description**
Sensitive data is everywhere, including on the end user's device. It is essential to keep it secure there.
**mitigation**
There are multiple ways to secure data at rest. CIS suggests the following: Windows BitLocker®, Apple FileVault®, Linux® dm-crypt.
### Example 2 - 4.3 Configure Automatic Session Locking on Enterprise Assets
**description**
A logged-in computer doesn't permanently re-check the user's identity. A user could by mistake leave his computer open and logged in, giving anyone ill-intentioned with physical access a way to use the computer with the user's permissions.
**mitigation**
Force an automatic session lock (or logout) after a few minutes of inactivity.
### Example 3 - 5.2 Use Unique Passwords
**description**
If a user uses the same password everywhere, only one account needs to be compromised for all of them to be equally compromised.
**mitigation**
Use unique passwords for every account and, for users, at least 2FA.
### Example 4 & 5 with implementation
Unfortunately, due to the amount of work we both had, from work and from school, we didn't have enough time to do those last two points.
We did the rest (except for optionals) though.
## Q2.3
We can use a pre-commit hook that runs the linter before committing. This ensures that the code is linted before it is committed, which can help catch errors early and improve code quality. However, this approach can be time-consuming on every commit and may require additional setup on each developer's machine.