Analyze false positives or perform quick fixes on Critical vulnerabilities (First Pass)

Perform Vulnerability check in CI (build) using Trivy and fail for Critical issues. Add secret scanning using Trivy in all Bahmni repositories

OpenSCAP for nodes / machine monitoring

Apply daily critical security updates automatically (e.g EC2)

OpenSource / Free option for Bot Management and Traffic Control for Bahmni running on Docker / K8s

Document AWS WAF and Bot Management recommendation for Bahmni Lite

Explore OWASP Zap for Bahmni Security Testing

Automate Static Code Analysis using DeepSource / SonarQube → Documentation

Protect patient documents behind Login (only for older RPM based installation since docker and k8s no longer have this issue)

Encrypt documents at rest (S3/FileSystem/Connected Storage/etc) e.g. Patient Documents

Mitigate default credentials risk

• Ensure Change password on first login e.g. superman

• Remove default creds from code e.g. .env, values.yaml etc

Document recommendations on General Cloud hygiene

Document Approach on Reporting security incident (Slack, DL etc)

Fix hip service critical vulnerabilities

Fix hiu backend critical vulnerabilities

Fix hiu-ui critical vulnerabilities

Fix critical vulnerabilities in ABHA verification repo.

Fix critical vulnerabilities in Hiu-db code

Fix Critical Vulnerabilities in Appointments, Bahmni-lab, Bahmni-web, implementer-interface and patient-Documents images/jars

Fix Critical Vulnerabilities in the crater-atomfeed repo