Security hardening of Ampersand applications. #1523
Comments
@stefjoosten, The image you supply seems to be a snapshot of a report generated by some tool. Could you elaborate on that? What does the tool itself say about these vulnerabilities? I expect that quite a few of these vulnerabilities are caused by (outdated?) dependencies we have. Making sure we update regularly mitigates this problem. On the other hand, even if we would update on a daily basis (pretty hard to do with our limited resources), this does not prevent all vulnerabilities.
First of all, I think this is an issue that is about the prototype framework, not the compiler. The compiler is only used at compile time of application prototypes and doesn't impose runtime vulnerabilities. We can move this issue to that repo. Furthermore, we should keep in mind that we are talking about prototypes, not production-ready software applications. I know from experience that lifting prototypes to production can be done, also in a secure way, but it requires a lot of effort and also depends on the infrastructure, e.g. are you serving the app behind a reverse proxy (like NGINX ingress controller) or exposing it with docker on a regular VM. I think this is effort that should be done by the one who wants to bring it to production. What we can and need to do is stay up to date with library dependencies and base container images. We can pick that up in a dedicated issue and I propose to close this one.
@hanjoosten, the screenshot you see is from a vulnerability scanner for container images. It looks for potential issues with ALL libraries, tools and software in a container. That means also for linux tools and everything. The only way to reduce this number is to build and push our code often and use the most recent stable base images. For our purpose of the prototype I don't see the urgency here and therefore I ignore these reports.
Problem
A non-urgent but important issue is security. If a prototype is deployed, it is subjected to all kinds of attacks and security scans. We don't have good insight into its security characteristics. As a consequence, we don't have answers when asked about security flaws.
An example is this: a repository of images created by Ampersand gives the following analysis:
Required solution
I would like to be able to react to situations like this with a fact-based, written analysis of Ampersand prototypes. I would like to assess the risk of deployment based on real risks instead of speculative fantasy triggered by signals like this example.
Proposed solution
The first step is to make an analysis ourselves, write it down, and take it from there.
This issue is also related to RAP security hardening
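The issue asks for a fact-based, written analysis instead of a raw scanner count, and the comments above point out that most findings in a container image come from base-image packages that a rebuild on a current base image would fix. The following added example (not code from the Ampersand project) triages a scan report along those lines: it splits findings into those fixed by rebuilding on a newer base image, those needing an application dependency update, and those with no upstream fix yet. The JSON shape and every identifier, package name and version in it are constructed placeholders, not the output of any particular scanner.

```python
"""Triage a container-image vulnerability report into actionable buckets.

Added example for the discussion above. The report shape is a hypothetical,
generic JSON layout (assumed, not any real scanner's format); all ids,
packages and versions are constructed placeholders.
"""
import json
from collections import Counter

# Constructed sample report. "EXAMPLE-000x" are placeholder ids, not CVE numbers.
SAMPLE_REPORT = json.dumps({
    "image": "example/ampersand-prototype:placeholder",
    "findings": [
        {"id": "EXAMPLE-0001", "severity": "CRITICAL", "package": "openssl",
         "installed": "1.0.0-example", "fixed_in": "1.0.1-example", "layer": "base"},
        {"id": "EXAMPLE-0002", "severity": "HIGH", "package": "curl",
         "installed": "7.0-example", "fixed_in": "7.1-example", "layer": "base"},
        {"id": "EXAMPLE-0003", "severity": "HIGH", "package": "some-js-lib",
         "installed": "2.0.0-example", "fixed_in": "2.0.5-example", "layer": "app"},
        {"id": "EXAMPLE-0004", "severity": "MEDIUM", "package": "libfoo",
         "installed": "3.2-example", "fixed_in": None, "layer": "base"},
        {"id": "EXAMPLE-0005", "severity": "LOW", "package": "bash",
         "installed": "5.0-example", "fixed_in": None, "layer": "base"},
    ],
})

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]


def load_findings(report_json):
    """Parse the (assumed) report layout and return the list of findings."""
    return json.loads(report_json)["findings"]


def triage(findings):
    """Group findings by severity and by the action that would resolve them.

    - rebuild_base: a fixed version exists and the package lives in the base
      image, so rebuilding on a current base image resolves it.
    - update_app_dependency: a fixed version exists in an application-layer
      dependency, so the project's own dependency pins must change.
    - no_fix_available: no upstream fix yet; this must be documented as an
      accepted or otherwise mitigated risk rather than silently ignored.
    """
    result = {
        "by_severity": Counter(),
        "rebuild_base": [],
        "update_app_dependency": [],
        "no_fix_available": [],
    }
    for f in findings:
        result["by_severity"][f["severity"]] += 1
        if f["fixed_in"] is None:
            result["no_fix_available"].append(f["id"])
        elif f["layer"] == "base":
            result["rebuild_base"].append(f["id"])
        else:
            result["update_app_dependency"].append(f["id"])
    return result


def write_analysis(image, tri):
    """Produce the lines of a short written analysis from a triage result."""
    counts = ", ".join(f"{s}={tri['by_severity'].get(s, 0)}" for s in SEVERITY_ORDER)
    return [
        f"Image: {image}",
        f"Findings by severity: {counts}",
        f"Fixed by rebuilding on a current base image: {len(tri['rebuild_base'])}",
        f"Need an application dependency update: {len(tri['update_app_dependency'])}",
        f"No upstream fix yet (document as accepted/mitigated risk): {len(tri['no_fix_available'])}",
    ]


if __name__ == "__main__":
    report = json.loads(SAMPLE_REPORT)
    print("\n".join(write_analysis(report["image"], triage(report["findings"]))))
```

The split matters because the three buckets have different owners: the first is resolved by the regular rebuild the comments propose, the second by whoever maintains the prototype framework's dependencies, and the third is what a deployer has to reason about when assessing real risk.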