
feat: add Risk Engine configuration #633

Open: wants to merge 1 commit into base: master

risk-engine-production[bot]

Summary

This PR introduces the RiskEngineConfig.yaml file, enabling Risk Engine in your team's repository. For a deeper understanding, please visit here. While Risk Engine assumes reasonable defaults for your project, we recommend tailoring your riskEngineConfig.yaml prior to merging this PR. See the Risk Engine Config File Setup guide for assistance.

What is Risk Engine?

Risk Engine is an automated tool for risk assessment. Its design promotes responsible deployment within digital organizations without causing bureaucratic delays. Developers receive comprehensive insights about their deployments while preserving their autonomy, integrating seamlessly into existing deployment pipelines. Through comprehensive observability, consistent change management, and scalable assessments, Risk Engine aims to reduce incidents and safeguard customer experiences. More details here

What’s In It For Me?

Risk Engine streamlines deployment by auto-approving passing risk assessments, eliminating waits for Release Management approvals, and providing essential non-blocking checks missed by other CI/CD tools. Designed with modularity in mind, Risk Engine allows extensive customization and sharing of plugins across teams, ensuring risk assessments are tailored to specific needs. At its core, Risk Engine enhances organizational reliability by detecting and informing on potential issues and leveraging deployment data to refine both the tool itself and overall deployment and reliability practices. More details here

Need Assistance?

For any questions or support related to the Risk Engine, please get in touch in our Slack channel: #risk-engine-support.

@risk-engine-production
Author

Risk Assessment results for 'feat: add Risk Engine configuration'

Source: GitHub Event - Pull Request - Opened

Assessment Details

Summary

| Total Risk | Threshold | Summary |
|---|---|---|
| 93% | 30% | Total risk is above the repository risk threshold and the repository is not yet approved for automated release. |

Address risk inputs below to lower the total risk before submitting an Embargo Exception Request to Release Management to facilitate deployment.
Click here to start an Embargo Exception Request

Risk Inputs

View calculation and risk details on the Risk Engine UI

Category: Application Status

Risk analysis related to the general configuration and status of the application

Total Application Status Risk: 70

| Input | Risk | Weight | Details |
|---|---|---|---|
| 🔴 Code Analysis Alerts | 100% | 3 | Unable to assess Code Analysis Alerts - no analysis found |
| 🔴 Dynatrace Vulnerability Alerts | 100% | 3 | Unable to check dynatrace vulnerability alerts risk - The application tds-community-production does not appear to be configured correctly. |
| 🔴 Vulnerability Alerts | 100% | 1 | Found 97 OPEN and 0 DISMISSED vulnerabilities on branch master - Risk from security vulnerabilities is 100% - See Alerts |
| 🔴 Innersource Health | 100% | 1 | Repository telus/tds-community has a public visibility - This should be set to internal to support the Innersource model |
| 🔴 Git Branch Protection | 60% | 3 | Branch master is missing the following protections: Requires Status Checks, Requires Code Owner Reviews, Requires Commit Signatures |
| 🟢 Secret Scanning Alerts | 0% | 3 | No exposed secret scanning alerts found for this application |
| 🟢 Error Budget | 0% | 0 | Availability score based on an org-wide ~100% uptime this month as of Thu, Nov 10, 6 PM EST. Improve the accuracy of this result by adding your team to the Risk Engine Config File. |

Category: Change Specific

Risk analysis related to the changes for the current assessment

Total Change Specific Risk: 23

| Input | Risk | Weight | Details |
|---|---|---|---|
| 🔴 Changed Files | 50% | 3 | Checked risk of changed files - Risk from files changed is 50% - Risk from missing required changes is 0% |
| 🟢 Lines Changed | 6% | 2 | +45 additions -0 deletions |
| 🟢 Semantic Commit | 0% | 2 | Analyzed risk of Semantic Commit messages - feat: 1 |

Category: Additive

Risk analysis related to critical and/or external factors

Total Additive Risk: 0

| Input | Risk | Details |
|---|---|---|
| 🟢 Embargo | 0% | No Current Embargo - Checked on: Tue, Jan 9, 1:55 PM EST |
| 🟢 Risk Config File Health | 0% | File is complete and well formed |
