
This document shares the current curated security backlog, with features and capabilities that are defined on the Security Jira board. Please refer to the Bahmni Security Posture document for a holistic perspective.

To update the JIRA details below, type "/JIRA" in the Documentation/JIRA column, search for your Jira number, and click Insert.
This will show the current status from the Jira board.

Bahmni Lite v 1.0 Release

| # | Categories | Capabilities / Features | Documentation/JIRA | Status |
|---|---|---|---|---|
| 1 | Trivy Secret & Vulnerability Scanning | Analyze false positives or perform quick fixes on Critical vulnerabilities reported by Trivy (First Pass) | BAH-2416 | DONE |
| 2 | Trivy Secret & Vulnerability Scanning | Perform vulnerability check in CI (build) using Trivy and fail for Critical issues. Add secret scanning using Trivy in all Bahmni repositories | BAH-2193 | DONE |
| 3 | Machine / Node hardening | OpenSCAP for nodes / machine monitoring | BAH-2142 | DONE |
| 4 | Machine / Node hardening | Apply daily critical security updates automatically (e.g. EC2) | BAH-2412, BAH-2382 | NOT REQUIRED |
| 5 | Firewall | Open source / free option for Bot Management and Traffic Control for Bahmni running on Docker / K8s | BAH-2413 | NOT REQUIRED |
| 6 | Firewall | Document AWS WAF and Bot Management recommendation for Bahmni Lite | BAH-2414 | NOT REQUIRED |
| 7 | Security Quality Gates | Explore OWASP ZAP for Bahmni Security Testing | BAH-1961 | NOT REQUIRED |
| 8 | Security Quality Gates | Automate Static Code Analysis using DeepSource / SonarQube → Documentation | BAH-1958, BAH-1959 | NOT REQUIRED |
| 9 | Data Protection | Protect patient documents behind login (only for older RPM-based installations, since Docker and K8s no longer have this issue) | BAH-2417 | NOT REQUIRED |
| 10 | Data Protection | Encrypt documents at rest (S3 / file system / connected storage / etc.), e.g. patient documents | BAH-2418 | NOT REQUIRED |
| 11 | Identity Management | Certificates: document a secure way to generate and manage certificates | BAH-2419 | DONE |
| 12 | Identity Management | Mitigate default credentials risk: ensure password change on first login (e.g. superman); remove default credentials from code (e.g. .env, values.yaml, etc.) | BAH-1960 | NOT REQUIRED |
| 13 | Cloud/Infra | Document recommendations on general cloud hygiene | | NOT REQUIRED |
| 14 | Cloud/Infra | Document approach for reporting a security incident (Slack, DL, etc.) | | NOT REQUIRED |
| 15 | Cloud/Infra | Fix Critical vulnerabilities in infra namespaces | BAH-2497, BAH-2498 | INFRA REQUIRED |
| 16 | Source Code Fixes | Fix Critical and High vulnerabilities in bahmni-reports repo as per the Trivy reports | BAH-2490 | DONE |
| 17 | Source Code Fixes | hip and otp-service: dotnet version outdated | BAH-2494 | DONE |
| 18 | Source Code Fixes | Refactor Docker image creation for hip-atomfeed and hiu-db | BAH-2461 | DONE |
| 19 | Source Code Fixes | Upgrade Node version in the hiu-ui repo | BAH-2512 | DONE |
| 20 | Source Code Fixes | Fix security vulnerabilities in hiu module | BAH-2520 | DONE |
| 21 | Source Code Fixes | Fix critical vulnerabilities in crater-atomfeed | BAH-2405 | DONE |
| 22 | Source Code Fixes | Fix critical vulnerabilities in otp-service code | BAH-2555 | DONE |
| 23 | Source Code Fixes | Fix Critical vulnerabilities in rabbitmq image | BAH-2556 | DONE |
| 24 | Source Code Fixes | Fix Critical vulnerabilities in postgres image | BAH-2592 | DONE |
| 25 | Source Code Fixes | openmrs-module-appointments-frontend [fix generated as PR by Dependabot] | BAH-2670 | DONE |
| 26 | Source Code Fixes | Fix hip-atomfeed critical vulnerabilities | BAH-2549 | DONE |
| 27 | Source Code Fixes | Fix bahmni/crater-php dependency vulnerabilities | BAH-2432 | DONE |
| 28 | Source Code Fixes | Fix hip service critical vulnerabilities | BAH-2550 | ABDM REQUIRED |
| 29 | Source Code Fixes | Fix hiu backend critical vulnerabilities | BAH-2551 | ABDM REQUIRED |
| 30 | Source Code Fixes | Fix hiu-ui critical vulnerabilities | BAH-2552 | ABDM REQUIRED |
| 31 | Source Code Fixes | Fix critical vulnerabilities in ABHA verification repo | BAH-2553 | ABDM REQUIRED |
| 32 | Source Code Fixes | Fix critical vulnerabilities in hiu-db code | BAH-2554 | ABDM REQUIRED |
| 33 | Source Code Fixes | Fix Critical vulnerabilities in Appointments, Bahmni-lab, Bahmni-web, implementer-interface and patient-documents images/jars | BAH-2557 | REQUIRED |
| 34 | Source Code Fixes | Fix Critical vulnerabilities in the crater-atomfeed repo | BAH-2786 | REQUIRED |
| 36 | WASA Testing | Clickjacking (Medium) | BAH-2672 | INFRA / CRATER REQUIRED |
| 37 | WASA Testing | Authentication bypass via response manipulation (Medium) | BAH-2562 | PRODUCT / CRATER REQUIRED |
| 38 | WASA Testing | Improper session management (Medium) | BAH-2563 | PRODUCT / CRATER REQUIRED |
| 39 | WASA Testing | Host header injection (Medium) | BAH-2564 | PRODUCT / CRATER REQUIRED |
| 40 | WASA Testing | Improper error handling (Medium) | BAH-2566 | PRODUCT REQUIRED |