You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This improvement relates to version control and safety of our PII scan during file extraction.
The service config currently specifies a target directory for which to find rules files in. If this option is mis-configured, or a rules file has been moved, modified, or deleted, then it will not be loaded and the expected scan rules will silently be skipped.
We could add a new list to the config in which to specify each expected rule file and its checksum, in order to verify that the expected rules are being applied. This would achieve some level of change management over our scan rules, which are currently not captured in any version control system.
The text was updated successfully, but these errors were encountered:
This new issue will address there not being any rules files in the provided dir SMI/IsIdentifiable#132
That should go some way to helping. I think that if there is a system level expectation of certain rules files then this might be better handled with a startup bash script e.g.
if not contains <path.to.config> "expected rules dir"
exit 1
if ls "expected rules dir" not contains bob.yaml
exit 2
if ls "expected rules dir" not contains sockets.yaml
exit 3
start microservice
Or what about using git to version the rules? can we install standalone git server. The reviewer already has a rules base manager/browser so all we really need is version control.
This improvement relates to version control and safety of our PII scan during file extraction.
The service config currently specifies a target directory for which to find rules files in. If this option is mis-configured, or a rules file has been moved, modified, or deleted, then it will not be loaded and the expected scan rules will silently be skipped.
We could add a new list to the config in which to specify each expected rule file and its checksum, in order to verify that the expected rules are being applied. This would achieve some level of change management over our scan rules, which are currently not captured in any version control system.
The text was updated successfully, but these errors were encountered: