Build and Deployment -> Patch Management: Automated PRs for patches

Risk and Opportunity

Risk: Known vulnerabilities components might stay for long and get exploited, even when a patch is available.

Opportunity: Fast patching of third party component is needed. The DevOps way is to have an automated pull request for new components. This includes

Applications
Virtualized operating system components (e.g. container images)
Operating Systems
Infrastructure as Code/GitOps (e.g. argocd)

Additional Information

Implementation hints

dependabot, Link, Tags:
Jenkins, , Tags:

Usefulness and Requirements of this Activity

Usefullness: Very High

Required knowledge: Low (one discipline)

Required time: Low

Required resources (systems): Low

OWASP SAMM VERSION 2

O-EM-1-B

ISO27001 2017

12.6.1
14.2.5