🚀 Security Dashboard POC (Part 1) - Alerts and Policies UI Components

app-config.yaml

@@ -114,3 +114,24 @@ catalog:
         schedule:
           frequency: { minutes: 60 }
           timeout: { minutes: 15 }
+  rules:
+    - allow:
+        [
+          Component,
+          API,
+          Location,
+          Template,
+          Resource,
+          System,
+          Group,
+          Domain,
+          Policy,
+          Alert,
+        ]
+  locations:
+    - type: file
+      target: ../../catalog-info.yaml
+    - type: file
+      target: ../../examples/policies-generated.yaml
+    - type: file
+      target: ../../examples/alerts.yaml

catalog-info.yaml

@@ -1,13 +1,191 @@
 apiVersion: backstage.io/v1alpha1
+kind: Group
+metadata:
+  name: digital-office
+  title: Digital Office
+  description: OCIO Digital Office
+spec:
+  type: division
+  children: []
+---
+apiVersion: backstage.io/v1alpha1
+kind: Domain
+metadata:
+  name: ecosystem
+  title: Digital Ecosystem
+  description: BC Government Digital Ecosystem
+spec:
+  owner: group:digital-office
+---
+apiVersion: backstage.io/v1alpha1
+kind: Domain
+metadata:
+  name: ecosystem-enablers
+  title: Ecosystem Enablers
+  description: Internal services developed or governed by the BC Government for the benefit of the BC Government Digital Ecosystem
+spec:
+  owner: group:digital-office
+  subdomainOf: ecosystem
+---
+apiVersion: backstage.io/v1alpha1
+kind: Domain
+metadata:
+  name: digital-services
+  title: Digital Services
+  description: External Digital Services developed by the BC Government
+spec:
+  owner: group:digital-office
+  subdomainOf: ecosystem
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: silver
+  description: BC Gov silver-tier shared OpenShift/Kubernetes cluster.
+spec:
+  type: kubernetes-cluster
+  owner: group:bcgov/platform-services-team
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: gold
+  description: BC Gov gold-tier shared OpenShift/Kubernetes cluster.
+spec:
+  type: kubernetes-cluster
+  owner: group:bcgov/platform-services-team
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: gold-dr
+  description: BC Gov gold-tier shared disaster recovery OpenShift/Kubernetes cluster.
+spec:
+  type: kubernetes-cluster
+  owner: group:bcgov/platform-services-team
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: emerald
+  description: BC Gov emerald-tier shared OpenShift/Kubernetes cluster.
+spec:
+  type: kubernetes-cluster
+  owner: group:bcgov/platform-services-team
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: xyz123-tools
+  description: For deployment of tools and utilities related to live apps.
+spec:
+  type: kubernetes-namespace
+  owner: group:bcgov/bc-parks-reservation
+  system: bcparks-reservation
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: xyz123-dev
+  description: For deployment of development application artifacts.
+spec:
+  type: kubernetes-namespace
+  owner: group:bcgov/bc-parks-reservation
+  system: bcparks-reservation
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: xyz123-test
+  description: For deployment of test application artifacts.
+spec:
+  type: kubernetes-namespace
+  owner: group:bcgov/bc-parks-reservation
+  system: bcparks-reservation
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: xyz123-prod
+  description: For deployment of production application artifacts.
+spec:
+  type: kubernetes-namespace
+  owner: group:bcgov/bc-parks-reservation
+  system: bcparks-reservation
+---
+apiVersion: backstage.io/v1alpha1
+kind: System
+metadata:
+  name: bcparks-reservation
+  description: BC Parks reservation system.
+spec:
+  owner: group:bcgov/developer-experience
+  lifecycle: production
+  domain: digital-services
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: reserve-rec-public
+  description: For the Parks and Recreation Digital Transformation project.
+  annotations:
+    github.com/project-slug: bcgov/reserve-rec-public
+spec:
+  system: bcparks-reservation
+  type: website
+  owner: group:bcgov/bc-parks-reservation
+  lifecycle: production
+  dependsOn:
+    - component:reserve-rec-api
+    - resource:devhub-techdocs-bucket
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: reserve-rec-api
+  description: For the Parks and Recreation Digital Transformation project.
+  annotations:
+    github.com/project-slug: bcgov/reserve-rec-api
+spec:
+  system: bcparks-reservation
+  type: service
+  owner: group:bcgov/bc-parks-reservation
+  lifecycle: production
+  dependsOn:
+    - resource:reserve-rec-db
+---
+apiVersion: backstage.io/v1alpha1
 kind: Component
 metadata:
-  name: developer-portal
-  description: A portal for the BC Government developer community.
+  name: reserve-rec-admin
+  description: For the Parks and Recreation Digital Transformation project.
   annotations:
-    github.com/project-slug: bcgov/developer-portal
-    github.com/team-slug: bcgov/teams/exchange-lab-developer-portal-team
-  #   backstage.io/techdocs-ref: dir:.
+    github.com/project-slug: bcgov/reserve-rec-admin
 spec:
+  system: bcparks-reservation
   type: website
-  owner: group:bcgov/exchange-lab-developer-portal-team
-  lifecycle: experimental
+  owner: group:bcgov/bc-parks-reservation
+  lifecycle: production
+  dependsOn:
+    - component:reserve-rec-api
+    - resource:devhub-techdocs-bucket
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: reserve-rec-db
+  description: Data store for BC Parks reservation system.
+spec:
+  type: database
+  owner: group:bcgov/bc-parks-reservation
+  system: bcparks-reservation
+---
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: reserve-rec-bucket
+  description: Stores documents and other related assets related to support the BC Parks Reservation system.
+spec:
+  type: s3-bucket
+  owner: group:bcgov/bc-parks-reservation
+  system: bcparks-reservation

examples/alerts.yaml

@@ -0,0 +1,59 @@
+apiVersion: bc-gov/alertsv1
+kind: Alert
+metadata:
+  name: alert-1
+spec:
+  policy: dependency-analysis
+  alert: Low risk vulnerability detected in node-cron
+  category: Dependencies
+  level: Recommended
+  severity: Warning
+  entity: component:reserve-rec-public
+---
+apiVersion: bc-gov/alertsv1
+kind: Alert
+metadata:
+  name: alert-2
+spec:
+  policy: critical-dependencies
+  alert: OpenSSL vulnerability detected
+  category: Runtime
+  level: Required
+  severity: Warning
+  entity: resource:emerald
+---
+apiVersion: bc-gov/alertsv1
+kind: Alert
+metadata:
+  name: alert-3
+spec:
+  policy: critical-dependencies
+  alert: Low risk vulnerability detected in React
+  category: Dependencies
+  level: Recommended
+  severity: Info
+  entity: resource:gold
+---
+apiVersion: bc-gov/alertsv1
+kind: Alert
+metadata:
+  name: alert-4
+spec:
+  policy: unencrypted-credentials
+  alert: Found possible secrets in repository
+  category: Secrets
+  level: Required
+  severity: Critical
+  entity: resource:xyz123-tools
+---
+apiVersion: bc-gov/alertsv1
+kind: Alert
+metadata:
+  name: alert-5
+spec:
+  policy: automatic-updates
+  alert: Automatic dependency updates were not detected
+  category: Dependencies
+  level: Optional
+  severity: Info
+  entity: component:bcparks-reservation