Security Backlog

This document shares the current curated security backlog: the features and capabilities defined on the Security Jira board, with their status for the Bahmni Lite v1.0 release. Please refer to the Bahmni Security Posture document for a holistic perspective.

To update the Jira details below, type "/JIRA" in the Documentation/JIRA column, search for your Jira number and click Insert.
This embeds the issue and shows its current status on the Jira board.

| # | Categories | Capabilities / Features | Documentation/JIRA | Bahmni Lite v 1.0 Release |
|---|---|---|---|---|
| 1 | Trivy Secret & Vulnerability Scanning | Analyze false positives or perform quick fixes on Critical vulnerabilities (First Pass) | BAH-2416: Analyse false positives or perform quick fixes on Critical vulnerabilities reported by Trivy (Closed) | DONE |
| 2 | Trivy Secret & Vulnerability Scanning | Perform vulnerability check in CI (build) using Trivy and fail for Critical issues. Add secret scanning using Trivy in all Bahmni repositories | BAH-2193: [Security - Infra] Bahmni Agents - Secrets and Dependency Scanning using Trivy (Closed) | DONE |
| 3 | Machine / Node hardening | OpenSCAP for nodes / machine monitoring | BAH-2142: [Security - Infra] Bahmni Agents - OS Scanning - OpenSCAP (Closed) | DONE |
| 4 | Machine / Node hardening | Apply daily critical security updates automatically (e.g. EC2) | BAH-2412: [SECURITY] Apply daily critical security updates automatically on nodes (Needs Assessment); BAH-2382: [Spike] Security updates on EKS Cluster nodes (Closed) | DEFERRED |
| 5 | Firewall | OpenSource / Free option for Bot Management and Traffic Control for Bahmni running on Docker / K8s | BAH-2413: OpenSource / Free option for Bot Management and Traffic Control for Bahmni running on Docker / K8s (Needs Assessment) | DEFERRED |
| 6 | Firewall | Document AWS WAF and Bot Management recommendation for Bahmni Lite | BAH-2414: Document Bot Management spikes & outcomes (Backlog) | DEFERRED |
| 7 | Security Quality Gates | Explore OWASP ZAP for Bahmni security testing | BAH-1961: Security testing - Explore OWASP ZAP for Bahmni (Needs Assessment) | DEFERRED |
| 8 | Security Quality Gates | Automate static code analysis using DeepSource / SonarQube → Documentation | BAH-1958: [Security - Frontend] Static code analysis for linting, code smells and security issues (Needs Assessment); BAH-1959: [Security - Backend] Static code analysis for code smells and security issues (Ready for Development) | DEFERRED |
| 9 | Data Protection | Protect patient documents behind login (only for older RPM-based installations, since Docker and K8s no longer have this issue) | BAH-2417: Protect patient documents behind Login (Needs Assessment) | NOT APPLICABLE |
| 10 | Data Protection | Encrypt documents at rest (S3 / file system / connected storage / etc.), e.g. patient documents | BAH-2418: Encrypt documents at rest (S3/FileSystem/Connected Storage/etc) e.g. Patients Documents (Needs Assessment) | DEFERRED |
| 11 | Identity Management | Mitigate default credentials risk: (a) ensure a password change on first login, e.g. superman; (b) remove default creds from code, e.g. .env, values.yaml etc. | BAH-1960: Cleanup default creds from code and Wiki (Needs Assessment) | DEFERRED |
| 12 | Cloud/Infra | Document recommendations on general cloud hygiene | | PARTIAL DONE |
| 13 | Cloud/Infra | Document approach on reporting a security incident (Slack, DL etc.) | | DONE |
| 14 | Source Code Fixes | Fix hip service critical vulnerabilities | BAH-2550: [Security] Fix hip service critical vulnerabilities (Closed) | ABDM / DONE |
| 15 | Source Code Fixes | Fix hiu backend critical vulnerabilities | BAH-2551: [Security] Fix hiu backend critical vulnerabilities (Closed) | ABDM / DONE |
| 16 | Source Code Fixes | Fix hiu-ui critical vulnerabilities | https://bahmni.atlassian.net/browse/BAH-2552 | ABDM / DONE |
| 17 | Source Code Fixes | Fix critical vulnerabilities in ABHA verification repo | https://bahmni.atlassian.net/browse/BAH-2553 | ABDM / DONE |
| 18 | Source Code Fixes | Fix critical vulnerabilities in Hiu-db code | https://bahmni.atlassian.net/browse/BAH-2554 | ABDM / DONE |
| 19 | Source Code Fixes | Fix critical vulnerabilities in Appointments, Bahmni-lab, Bahmni-web, implementer-interface and patient-Documents images/jars | https://bahmni.atlassian.net/browse/BAH-2557 | Required / DONE |
| 20 | Source Code Fixes | Fix critical vulnerabilities in the crater-atomfeed repo | https://bahmni.atlassian.net/browse/BAH-2786 | Required / DONE |


The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)