07/06/2021 - 07/20/2021
- The Engineering team continued to work on Secret Key Epic tickets and various DevOps-related tickets to finish out ATO functionality, as well as accessibility work for Django admin and other areas.
- The UX Research team focused on Parsing Error blockers and understanding Regional Staff user journeys, and began investigations into the user access request journey.
- NextGen XMS and ACF AMS teams have given us technical information in order to assess and estimate our technical implementation and recommendation to TDP Product Owner and tech lead. Our next task is to write integration tickets, estimate this work, and provide a recommendation to OFA.
- Finish closing ATO functionality tickets
- Focus on Secret Key Leakage Mitigation Epic
- UX Ideation for Parsing Blocker Communications
- Django Admin a11y Fixes (Sprint 1) #973
- (UX Sprint 24) Current State Analysis of Error Communication and Regional Staff Workflow Validation #1018
- Documentation of current staging environments for TDP #1051
- SPIKE: File transfer options for Tribal MVP #1011
Raft Review
- [EPIC] As an OFA admin, I can download raw file #89
- Groups: Rename Data Prepper to Data Analyst #1071
- Perform scheduled OWASP scans against deployed site(s) #1032
- [Devops] Allow pa11y to scan views that require authorization #1044
- [Frontend] Hook upload and download to real API endpoints #834
Blocked
- Update ATO docs and corresponding code docs #962
In Progress
- Django Admin a11y Fixes (Sprint 2) #1053
- As a tadpole, I want to know the platform I use to login to TDP (new TDRS) #379
- As tech lead, I want to know the steps that will be followed to use updated buildpacks for TDP apps #1045
- As an OFA Admin, I want an accessible, 508-compliant user interface for managing permissions #892
- Deployed environments should pull AWS credentials from Cloud.gov provided environment variables #971
- SPIKE: Authentication Feasibility Research #1046
Current Sprint Backlog
- As a dev, I need to know which authentication service we're using (login.gov vs. NextGen XMS) #638
- [DevOps] Generate a new, random DJANGO_SECRET_KEY on initial Cloud.gov deployments or rebuilds #967
- As a dev, I want an automated tool to prevent me from committing secret keys to the repo #965
- [EPIC] Secret Key Leakage Mitigation #972
- As TDP SO/TL, I need a basic security awareness training developed for IS users (AT-02) #953
- I want a client-side Content Security Policy to protect me from XSS and other client side attacks #907
- Audit Config & Inspection for Production Environment #897
- As a dev, I want Terraform changes to be reflected in label driven deployments (GitHub Action) #1059
- [DevOps] Perform validation on Codecov Bash Uploader script during CI steps #968
- (UX Sprint 24) Current State Analysis of Error Communication and Regional Staff Workflow Validation #1018 - Miles/Dmitri
- TDP Staging Site #1051 - Jorge
- Django Admin a11y Fixes (Sprint 1) #973 - Jorge, locally
- (Pre QASP) [Frontend] Hook upload and download to real API endpoints #834 - John
- (Pre QASP) [Devops] Allow pa11y to scan views that require authorization #1044 - Aaron