This document shares current curated security backlog with features and capabilities that are defined in Security Jira board. Please refer Bahmni Security Posture document to get a holistic perspective.
To update JIRA details below, please type “/JIRA“ under Documentation/JIRA column & search your Jira no, click Insert. |
Categories | Capabilities / Features | Documentation/JIRA | Bahmni Lite v 1.0 Release | |
---|---|---|---|---|
1 | Trivy Secret & Vulnerability Scanning | Analyze false positives or perform quick fixes on Critical vulnerabilities (First Pass) |
| |
2 | Perform Vulnerability check in CI (build) using Trivy and fail for Critical issues. Add secret scanning using Trivy in all Bahmni repositories |
| ||
3 | Machine / Node hardening | OpenSCAP for nodes / machine monitoring |
| |
4 | Apply daily critical security updates automatically (e.g EC2) |
| ||
5 | Firewall | OpenSource / Free option for Bot Management and Traffic Control for Bahmni running on Docker / K8s | ||
6 | Document AWS WAF and Bot Management recommendation for Bahmni Lite | |||
7 | Security Quality Gates | Explore OWASP Zap for Bahmni Security Testing | ||
8 | Automate Static Code Analysis using DeepSource / SonarQube → Documentation | |||
9 | Data Protection | Protect patient documents behind Login (only for older RPM based installation since docker and k8s no longer have this issue) |
| |
10 | Encrypt documents at rest (S3/FileSystem/Connected Storage/etc) e.g. Patient Documents | |||
11 | Identity Management | Mitigate default credentials risk
| ||
12 | Cloud/Infra | Document recommendations on General Cloud hygiene | ||
13 | Document Approach on Reporting security incident (Slack, DL etc) |
| ||
14 | Source Code Fixes | Fix hip service critical vulnerabilities |
| |
15 | Fix hiu backend critical vulnerabilities |
| ||
16 | Fix hiu-ui critical vulnerabilities |
| ||
17 | Fix critical vulnerabilities in ABHA verification repo. |
| ||
18 | Fix critical vulnerabilities in Hiu-db code |
| ||
19 | Fix Critical Vulnerabilities in Appointments, Bahmni-lab, Bahmni-web, implementer-interface and patient-Documents images/jars |
| ||
20 | Fix Critical Vulnerabilities in the crater-atomfeed repo |
|
|