Security: ConductionNL/review-component

SECURITY.md

SECURITY

The security of your Common Ground component hinges on a few factors and is, in fact, for the most part provided by the Common Ground ecosystem. There are, however, some steps that you should definitely take yourself. We will first briefly explain the security principles that are in place, so that you understand how you are being supported and what the limitations of that support are.

Codebase

First, the codebase. If you are extending the Common Ground proto component, your codebase will consist of three parts:

  • The general API-Platform framework and vendor libraries
  • The Common Ground-specific extensions
  • Your personal code

For the first two parts there is very little to worry about: Symfony has an excellent security reputation.

What you should, however, definitely do...

Containers

Deployment Clusters

Authentication versus Authorization (better known as access)

Automated testing (Travis)

So what should you do?

  • Follow the steps to regularly merge updates from the Common Ground proto repository into your codebase
  • Use the provided Travis CI scripting

There aren’t any published security advisories