Build and Deployment -> Patch Management: Automated PRs for patches

Risk and Opportunity

Risk: Components with known vulnerabilities might remain in place for a long time and get exploited, even when a patch is available.
Opportunity: Fast patching of third-party components is needed. The DevOps way is to have an automated pull request for new components. This includes

Additional Information

Implementation hints

Usefulness and Requirements of this Activity

Usefulness: Very High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low

OWASP SAMM VERSION 2

ISO27001 2017