🔐 Security Section #3
base: main
I've started with a basic outline for topics I think are important and given some of them the basis of guidance, or some bullet points of topics that can be expanded on later.
I mentioned the practice, but did not realise it has a term. This commit includes the feedback from @ctcpip to reference the practice.
There is work going on in the Security Collaboration Space at the OpenJS Foundation to help give guidance to JavaScript developers around security as well. Part of our plan is to take guidance and direction from the OpenSSF and tailor it to JS projects. That being said, highlighting some of the resources at OpenSSF for the time being might be good. A couple of examples:
Note: the Security Collab Space is something of a new effort and there isn't a lot in the repo. We have shifted a lot of our focus at the moment to standing up the grant we received from the Sovereign Tech Fund. See more info on that grant here: https://openjsf.org/blog/2023/05/02/openjs-foundation-receives-major-government-investment-from-sovereign-tech-fund-for-web-security-and-stability/
@joesepi are you suggesting that we include some OpenSSF links as a separate section for external resources, or do you think it should be included in one of the existing titles?
- Include a new section on relevant sections from the Node.js Reference Architecture and include links to that asset in that section
- Edit the header section to include IBM/Red Hat value-add, i.e. how IBM/Red Hat have found benefit in using the headers and how we go about using them and setting the policy
- Add commentary from the team on threat modeling to enhance this section into its own titled topic, including mentions of tools like Threat Dragon and the STRIDE method of threat analysis
- Include cookies as its own headed topic
- Add OAuth as a note, though this is something @roastlechon may want to add to
… into doc/security
This commit takes the bullet points on keeping secrets secure, and bot detection and fleshes them out with content, guidance and tools that have been used by the team.
Not sure of the way of working previously, but I like my teams to raise PRs at the beginning to allow for early feedback.
This WIP PR will be used for my draft of the security section, as taken on at the meeting on 2023/06/21.