Security Backlog

This page lists the current curated security backlog: the features and capabilities defined on the Bahmni Security Jira board. Refer to the Bahmni Security Posture document for the holistic perspective.

To update the JIRA details below, type "/JIRA" in the Documentation/JIRA column, search for your Jira issue number and click Insert.
The inserted link shows the issue's current status on the Jira board.


#  | Category | Capability / Feature | Documentation / JIRA | Bahmni Lite v1.0 Release
1  | Trivy Secret & Vulnerability Scanning | Analyze false positives and apply quick fixes for Critical vulnerabilities (first pass) | https://bahmni.atlassian.net/browse/BAH-2416 | DONE
2  | Trivy Secret & Vulnerability Scanning | Run a vulnerability check in CI (build) using Trivy and fail the build on Critical issues; add Trivy secret scanning to all Bahmni repositories | https://bahmni.atlassian.net/browse/BAH-2193 | DONE
3  | Machine / Node hardening | OpenSCAP for node / machine monitoring | https://bahmni.atlassian.net/browse/BAH-2142 | DONE
4  | Machine / Node hardening | Apply critical security updates automatically every day (e.g. on EC2) | https://bahmni.atlassian.net/browse/BAH-2412 and https://bahmni.atlassian.net/browse/BAH-2382 | DEFERRED
5  | Firewall | Open-source / free option for bot management and traffic control for Bahmni running on Docker / Kubernetes | https://bahmni.atlassian.net/browse/BAH-2413 | DEFERRED
6  | Firewall | Document the AWS WAF and bot management recommendation for Bahmni Lite | https://bahmni.atlassian.net/browse/BAH-2414 | DEFERRED
7  | Security Quality Gates | Explore OWASP ZAP for Bahmni security testing | https://bahmni.atlassian.net/browse/BAH-1961 | DEFERRED
8  | Security Quality Gates | Automate static code analysis using DeepSource / SonarQube → documentation | https://bahmni.atlassian.net/browse/BAH-1958 and https://bahmni.atlassian.net/browse/BAH-1959 | DEFERRED
9  | Data Protection | Serve patient documents only behind login (affects only older RPM-based installations; the Docker and Kubernetes deployments no longer have this issue) | https://bahmni.atlassian.net/browse/BAH-2417 | NOT APPLICABLE
10 | Data Protection | Encrypt documents at rest (S3 / file system / connected storage etc.), e.g. patient documents | https://bahmni.atlassian.net/browse/BAH-2418 | DEFERRED
11 | Identity Management | Mitigate the default-credentials risk: (a) enforce a password change on first login, e.g. for the superman user; (b) remove default credentials from code, e.g. .env, values.yaml etc. | https://bahmni.atlassian.net/browse/BAH-1960 | DEFERRED
12 | Cloud / Infra | Document recommendations on general cloud hygiene | (none) | PARTIALLY DONE
13 | Cloud / Infra | Document the approach for reporting a security incident (Slack, distribution list etc.) | (none) | DONE
14 | Source Code Fixes | Fix hip service critical vulnerabilities | https://bahmni.atlassian.net/browse/BAH-2550 | ABDM: DONE
15 | Source Code Fixes | Fix hiu backend critical vulnerabilities | https://bahmni.atlassian.net/browse/BAH-2551 | ABDM: DONE
16 | Source Code Fixes | Fix hiu-ui critical vulnerabilities | https://bahmni.atlassian.net/browse/BAH-2552 | ABDM: DONE
17 | Source Code Fixes | Fix critical vulnerabilities in the ABHA verification repo | https://bahmni.atlassian.net/browse/BAH-2553 | ABDM: DONE
18 | Source Code Fixes | Fix critical vulnerabilities in the hiu-db code | https://bahmni.atlassian.net/browse/BAH-2554 | ABDM: DONE
19 | Source Code Fixes | Fix critical vulnerabilities in the Appointments, Bahmni-lab, Bahmni-web, implementer-interface and patient-Documents images / jars | https://bahmni.atlassian.net/browse/BAH-2557 | Required: DONE
20 | Source Code Fixes | Fix critical vulnerabilities in the crater-atomfeed repo | https://bahmni.atlassian.net/browse/BAH-2786 | Required: DONE

 

The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)