zalando-stups/fullstop

Violations showing up in wrong accounts after application migration

Closed this issue · 12 comments

Sometimes, after migrating an application from one account to another, violations of that application still get assigned to the old account. The new owners of the application don't see the violations, which can lead to security issues.

Please see TGC-43 and TGC-50 in techjira for examples.

👍

I'm willing to InnerSource this if possible. Can someone explain to me where the bug is?

👍

The problem is that it's not trivial to track if an application has actually been shut down. I was hoping to roll out the new GitHub approval flow quicker and just delete the check for MISSING_SPEC_LINKS in Fullstop, as it has some drawbacks.

That would be even better. Let me know if you need help with that.

Switching to the new GitHub flow is up to each individual team. They need to apply and will get an invitation from Tech Controlling. Please refer to our internal docs (Rules of Play) for details.

Oh, I see. You meant all teams need to switch to the GitHub flow. Do you recommend whitelisting our app then?

@nehalium yes, whitelisting is currently the best solution

👍

👍

As I promised: With complete rollout of the GitHub approval flow, the violation type in question has been removed entirely. This issue won't pop up anymore.

👍