MDO Announcements - 2024
09 Sep 2024: Streamlining Prod Image Scans
Attention Party Bus Customers. As part of our continued effort to better assess risk within our pipelines, you will notice the following functionalities have been modified:
- Moving forward you should no longer see Prod Image Scan pipelines created by the MDO bot running in your project. These pipelines have been streamlined to only gather and store CVE data. This change enhances our ability to gather the latest vulnerability information on a released image and compare it against the findings for current images created in your application image build pipelines.
Please Note: If you have any feedback or questions, feel free to let us know in the Party Bus support channel. Thank you!
05 Sep 2024: ArgoCD Pod Restart in production
As requested, we have now rolled out the ability to restart pods in production by utilizing ArgoCD. As part of this feature request, we decided that it is more advantageous to be able to restart workloads rather than only delete pods to trigger a new rollout. The delete capabilities are still present, but we are also adding the ability to Restart Deployments and StatefulSets. See this [how-to](</docs/Party Bus/Mission DevOps (MDO)/How Tos/ArgoCD/_index.md#restarting-workloads-in-argocd>) for more information. Thank you!
03 Sep 2024: Update Image for Maven and Gradle CI templates
Attention Party Bus Customers: as mentioned two weeks ago, we have updated the default Java images for the maven and gradle pipeline-templates from JDK 11 to JDK 17.
- registry1.dso.mil/ironbank/opensource/gradle/gradle-jdk11:8.5 to registry1.dso.mil/ironbank/opensource/gradle/gradle-jdk17:7.6
- registry1.dso.mil/ironbank/opensource/maven/maven-openjdk-11:3.8.6 to registry1.dso.mil/ironbank/opensource/maven/maven-openjdk-17:3.9.3-amazoncorretto-17
22 Aug 2024: Storing release artifacts in the image registry
Attention Party Bus Customers. As part of our continued effort to better assess risk within our pipelines, you will notice the following functionalities have been added:
- Two new jobs have been added: upload-to-registry and fetch-release-artifacts. These jobs facilitate the storage and retrieval of the artifacts used to compare changes between releases.
- Specific artifacts used to compare releases will be stored in your project's container image registry under boe-artifacts.
Please Note: If either of the added jobs fails for some reason, this will not block you from being able to perform a prod release or block the CTF process. If you have any feedback or questions, feel free to let us know in the Party Bus support channel. Thank you!
15 Aug 2024: Update Image for Maven and Gradle CI templates
Attention Party Bus Customers, we are upgrading the default Java images for the maven and gradle pipeline-templates in 2 weeks, on 30 AUG 2024.
We are currently using JDK11 and we will be moving to JDK17.
- registry1.dso.mil/ironbank/opensource/gradle/gradle-jdk11:8.5 to registry1.dso.mil/ironbank/opensource/gradle/gradle-jdk17:7.6
- registry1.dso.mil/ironbank/opensource/maven/maven-openjdk-11:3.8.6 to registry1.dso.mil/ironbank/opensource/maven/maven-openjdk-17:3.9.3-amazoncorretto-17
If you are still using JDK11, please note that your pipelines may break if you are not prepared.
If you are having any issues, please submit a help desk ticket.
30 July 2024: Body of Evidence Release
Attention Party Bus Customers. As part of our continued effort to better assess risk within our pipelines, you will notice the following functionalities have been added:
A new job has been added for pipelines that run on the default branch of a project called boe-release. This is a manual/optional job you can run to allow you to create a Body of Evidence (BoE) release. These releases will show up under Deploy -> Releases for your project, just like prod releases. Creating a BoE release will allow you to easily view the summary-report and package-cross-reference, as well as other relevant asset links. It will also package up all the reports generated in the pipeline into a BoE tar archive. These reports will help enable assessment of risk prior to a prod release.
Please Note: If the generate-summary-report job fails for some reason, this will cause the boe-release job to fail if run. However, it will not block you from being able to perform a prod release. Failure of either the generate-summary-report or boe-release jobs will not block the CTF process. If you have any feedback or questions, feel free to let us know in the Party Bus support channel. Thank you!
29 July 2024: Auxiliary Deployments
Teams can request to have another branch deploy to staging and then to production. This is accomplished by having a mirror push changes to another gitlab project. More details in the documentation.
After consulting with BAMs, you may submit a request to use another branch.
24 July 2024: Gitlab Scan Policies
Starting this week, Party Bus is rolling out some scan policies that will inject the Party Bus pipelines with a custom semgrep scan to detect usage of the compromised polyfill[.]io CDN (content delivery network). These scans are implemented using some new Gitlab Ultimate features, namely the Scan Execution Policies. If these scans affect your pipelines in any way or you run into the error: Pipeline filtered out by workflow rules, please open a ticket and we will address accordingly. Thank you!
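The announcement does not publish the rule itself; the following is an added example of a Semgrep rule of the kind described, written for this page and not taken from the Party Bus scan policy. The rule id, message and path filters are assumptions.

```yaml
# Added example: a generic-mode Semgrep rule that flags references to the
# compromised polyfill.io CDN. The rule id, message and path filters are
# assumptions; the Party Bus policy's actual rule is not shown on this page.
rules:
  - id: compromised-polyfill-io-cdn
    # generic mode scans any text file, so HTML, JS/TS and Vue templates are
    # all covered by one rule.
    languages: [generic]
    severity: ERROR
    message: >-
      Reference to the compromised polyfill.io CDN. Remove the reference or
      serve the polyfill from a trusted origin under your own control.
    # Matches http(s) references to polyfill.io or its cdn. subdomain,
    # e.g. <script src="https://cdn.polyfill.io/v3/polyfill.min.js">
    pattern-regex: (?i)https?://(cdn\.)?polyfill\.io/
    paths:
      include:
        - "*.html"
        - "*.js"
        - "*.ts"
        - "*.vue"
    metadata:
      category: security
```

Run it locally against a checkout with `semgrep --config polyfill-io.yml .` to see the same findings the injected pipeline scan would report.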
17 July 2024: Party Bus Risk Based Pipelines
Attention Party Bus Customers. You may have noticed some additional behaviors and jobs added to your pipelines. Party Bus is gathering information and re-assessing the way that we look at risk within our pipelines. You will notice the following functionalities have been added, including but not limited to:
- The addition of Prod and Staging comparison tools to evaluate how secure your staging deployments are compared to what is deployed in production
- The gathering of artifacts including but not limited to SBOMs, pipeline commit information, and scanning tool versions. Most notably, new jobs run after your staging and production releases to push SBOMs to our internal software inventory and vulnerability dashboard, DefectDojo
- A list of CVEs within your project, prioritized by some experimental factors (will be refined in future)
- Lastly, an executive summary of the items mentioned above, which can be found in the releases area of your project after a production deploy
Currently, there are no required actions or gate checks within the new stages/steps within the pipelines, as it is all information gathering at this time. We aim to provide a better picture of health for yourselves and our team. Additionally, we will continue to announce more changes as we add and refine this process. If you have any feedback, feel free to let us know in the Party Bus support channel. Thank you!
20 Jun 2024: after_script commands moving to script
GitLab is changing the behavior of the after_script keyword in v17. It will run for cancelled jobs, which is not our desired behavior. We have been using it to run additional commands after the "main" script block. We will be moving that logic to the script block. The after_script block allowed commands to fail and not affect the status of the job, whereas commands in the script block will. Pipelines run after the change may now be blocked because of previously ignored errors. Please address issues in your repo as needed and/or open a help desk ticket if the pipeline needs to be adjusted.
Common issues found:
- .vue converter => Fortify is unable to process .vue files; we have scripts to convert them into .js files; make sure they are compatible with your pipeline
- executing commands on files that do not exist => the files were either moved or the commands are no longer needed; please let us know how it needs to be adjusted
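To make the behaviour change concrete, here is an added illustration (not a Party Bus template) of the same post-build commands under the old after_script layout and after the move into script. The vue converter script path is hypothetical; the image is the Party Bus default Maven image named elsewhere on this page.

```yaml
# Added illustration, not a Party Bus template. The converter script path is a
# hypothetical stand-in for the .vue -> .js conversion mentioned above.

stages: [build]

# Before: after_script ran after the main script in its own shell, and a
# failing command here (converter missing, file no longer present) did not
# change the job status.
build-old:
  stage: build
  image: registry1.dso.mil/ironbank/opensource/maven/maven-openjdk-17:3.9.3-amazoncorretto-17
  script:
    - mvn -B package
  after_script:
    - ./scripts/convert-vue.sh src/        # non-zero exit was ignored
    - cp target/reports/*.xml reports/     # missing path was ignored too

# After: the same commands in script. The runner stops at the first command
# that exits non-zero, so both of the errors above now fail the job.
build-new:
  stage: build
  image: registry1.dso.mil/ironbank/opensource/maven/maven-openjdk-17:3.9.3-amazoncorretto-17
  script:
    - mvn -B package
    - ./scripts/convert-vue.sh src/
    - cp target/reports/*.xml reports/

# If a step is genuinely optional, say so explicitly rather than relying on the
# old silent-failure behaviour, and keep the decision visible in the job log.
build-new-explicit:
  stage: build
  image: registry1.dso.mil/ironbank/opensource/maven/maven-openjdk-17:3.9.3-amazoncorretto-17
  script:
    - mvn -B package
    - |
      if [ -x scripts/convert-vue.sh ]; then
        ./scripts/convert-vue.sh src/
      else
        echo "no vue converter present, skipping"
      fi
    - |
      if [ -d target/reports ]; then
        mkdir -p reports && cp target/reports/*.xml reports/
      else
        echo "no target/reports directory; nothing to copy"
      fi
```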
04 Mar 2024: pgAdmin is now available!
pgAdmin can be used to manage your data without having to go through the help desk. In staging, you'll be able to fully manage your data. This means creating tables, inserting data, updating rows, and even deleting data. You can even have pgAdmin in production! Even though it's locked down to read-only, it remains an important asset in investigating your most obscure/elusive production bugs.
Request to have pgAdmin today by submitting a help desk ticket!
Note, please submit one ticket per environment. For example, if you have il2-staging and il4-prod, you would submit two tickets.
Please refer to our pgadmin documentation for more details.