| Categories | Capabilities / Features | Documentation/JIRA | Bahmni Lite v 1.0 Release |
|---|
| 1 | Trivy Secret & Vulnerability Scanning | Analyze false positives or perform quick fixes on Critical vulnerabilities (First Pass) | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2416 |
|---|
|
| |
|---|
| 2 | Perform Vulnerability check in CI (build) using Trivy and fail for Critical issues. Add secret scanning using Trivy in all Bahmni repositories | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2193 |
|---|
|
| |
| 3 | Machine / Node hardening | OpenSCAP for nodes / machine monitoring | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2142 |
|---|
|
| |
|---|
| 4 | Apply daily critical security updates automatically (e.g EC2)
| | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2412 |
|---|
|
| Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2382 |
|---|
|
| | Status |
|---|
| colour | Yellow |
|---|
| title | not requiredDEFERRED |
|---|
|
|
| 5 | Firewall | OpenSource / Free option for Bot Management and Traffic Control for Bahmni running on Docker / K8s | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2413 |
|---|
|
| | Status |
|---|
colour |
|---|
| Yellow | title | not requiredDEFERRED |
|---|
|
|
|---|
| 6 | Document AWS WAF and Bot Management recommendation for Bahmni Lite | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2414 |
|---|
|
| | Status |
|---|
colour | Yellow |
|---|
| title | not requiredDEFERRED |
|---|
|
|
| 7 | Security Quality Gates | Explore OWASP Zap for Bahmni Security Testing | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-1961 |
|---|
|
| | Status |
|---|
| colour | Yellow |
|---|
| title | not requiredDEFERRED |
|---|
|
|
|---|
| 8 | Automate Static Code Analysis using DeepSource / SonarQube → Documentation | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-1958 |
|---|
|
| Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-1959 |
|---|
|
| | Status |
|---|
colour | Yellow |
|---|
| title | not requiredDEFERRED |
|---|
|
|
| 9 | Data Protection | Protect patient documents behind Login (only for older RPM based installation since docker and k8s no longer have this issue) | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2417 |
|---|
|
| | Status |
|---|
| colour | Yellow |
|---|
| title | not requiredDEFERRED |
|---|
|
|
|---|
| 10 | Encrypt documents at rest (S3/FileSystem/Connected Storage/etc) e.g. Patient Documents | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2418 |
|---|
|
| | Status |
|---|
| colour | Yellow |
|---|
| title | not requiredDEFERRED |
|---|
|
|
| 11 | Identity Management | Mitigate default credentials risk Ensure Change password on first login e.g. superman Remove default creds from code e.g. .env, values.yaml etc
| | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-1960 |
|---|
|
| | Status |
|---|
colour | Yellow |
|---|
| title | not requiredDEFERRED |
|---|
|
|
|---|
| 12 | Cloud/Infra | Document recommendations on General Cloud hygiene | | | Status |
|---|
| colour | Yellow |
|---|
| title | not requiredDEFERRED |
|---|
|
|
|---|
| 13 | Document Approach on Reporting security incident (Slack, DL etc) | | | Status |
|---|
| colour | YellowGreen |
|---|
| title | not requiredDONE |
|---|
|
|
| 14 | Source Code Fixes | Fix hip service critical vulnerabilities | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2550 |
|---|
|
| |
|---|
| 15 | Fix hiu backend critical vulnerabilities | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2551 |
|---|
|
| |
| 16 | Fix hiu-ui critical vulnerabilities | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2552 |
|---|
|
| |
| 17 | Fix critical vulnerabilities in ABHA verification repo. | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2553 |
|---|
|
| |
| 18 | Fix critical vulnerabilities in Hiu-db code | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2554 |
|---|
|
| |
| 19 | Fix Critical Vulnerabilities in Appointments, Bahmni-lab, Bahmni-web, implementer-interface and patient-Documents images/jars | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2557 |
|---|
|
| |
| 20 | Fix Critical Vulnerabilities in the crater-atomfeed repo | | Jira Legacy |
|---|
| server | System JIRA |
|---|
| serverId | 32584f0f-f83d-3b0b-b91f-826465c6b0b8 |
|---|
| key | BAH-2786 |
|---|
|
| |