diff --git a/ownership.md b/ownership.md index 4fbed67..edcd464 100644 --- a/ownership.md +++ b/ownership.md @@ -18,7 +18,7 @@ N.B. This guidance only intended as a minimum baseline; in practice the expectat ### Security - A basic [security](./security.md) assessment should be performed to understand the risks and available controls. E.g. authentication, network security, encryption, secret management. Expert guidance from outside the team should sought for high risk applications (e.g. processing user data) -- Any dependency manifest files should be scanned using [Snyk Open Source](./snyk.md) +- Any dependency manifest files should be scanned using [Dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-alerts) - Internal tools should be behind Google Authentication - A helper exists for [Scala](https://github.com/guardian/play-googleauth) and authentication can be added to an [ALB directly](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html) - Network-layer restrictions may also be recommended based on the context diff --git a/security.md b/security.md index a8939e3..f0fccdf 100644 --- a/security.md +++ b/security.md @@ -1,7 +1,7 @@ # Security As an organisation we have a low information-security risk appetite. We strive -for excellence when protecting the privacy of our reader's data and the +for excellence when protecting the privacy of our readers' data and the integrity of our systems. **The security of our applications, infrastructure and data is the highest priority.** diff --git a/snyk.md b/snyk.md index c368fe8..e280fa2 100644 --- a/snyk.md +++ b/snyk.md 
@@ -1,4 +1,7 @@ -# Snyk +# Snyk (DEPRECATED) + +> [!IMPORTANT] +> We recommend using [Github Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) and [Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts) to analyse dependencies for vulnerabilities. ## Introduction
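Review bot: In the ownership.md hunk, the replacement bullet links only to the Dependabot alerts documentation, while the snyk.md hunk in the same patch recommends enabling both the Dependency Graph and Dependabot alerts; alerts depend on the dependency graph being enabled, so the ownership baseline should say so too, or it reads as a weaker requirement than the deprecation note it replaces. Suggested wording: "- Any dependency manifest files should be scanned using the GitHub Dependency Graph and [Dependabot alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts)". Separately, the unchanged context lines around this hunk contain two dropped words ("This guidance only intended" should read "is only intended", and "should sought" should read "should be sought"); since the bullet list is being touched anyway, it would be worth fixing them here.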
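Review bot: In the snyk.md hunk, the IMPORTANT callout says what to use instead of Snyk but not what teams with existing Snyk integrations should do, so the page is marked DEPRECATED without a migration instruction; add a sentence stating whether existing Snyk scans should be removed and, if known, when the page itself will be retired. Also, "Github" in the callout should be "GitHub", matching the product name used in the linked URLs.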