Automatic update code env with known vulnerabilities
To stay secure I would like code env to be scanned periodically for modules and libraries with known vulnerabilities. If a vulnerability is detected the environment is resolved with patched modules/libraries.
For projects running on automation a vulnerable environment is flagged and a bundle with updated env is created and owner/admins are allerted
Comments
-
Turribeach Dataiku DSS Core Designer, Neuron, Dataiku DSS Adv Designer, Registered, Neuron 2023 Posts: 2,101 Neuron
I totally agree with the need for this feature. I just don't think this is something Dataiku should do. Companies have lots of dependencies on external libraries and packages. These do not only exist in Dataiku but in pretty much every modern application or infrastructure stack. As such it makes sense to centralise the scanning of such external libraries and packages in products that can do it across all your applications or infrastructure stack. Indeed there are many security products that do this already, you should contact your company's SecOps team. In fact the current trend is to move to a DevSecOps model which means to Security as part of the Development process. In such model you don't scan packages periodically since packages first need to be approved and validated for use during the Development process.