In this article we explain our journey towards Continuous Security Audits to detect and remediate potential security issues within our open-source offerings at Dgraph Labs Inc. As part of this initiative, we have integrated a selection of tools that facilitate continuous security audits, leveraging our new CI/CD setup built on GitHub Actions. The new setup gives both our organization and our customers improved visibility and faster resolution of security issues. Notably, within a short timeframe (~3 months), we have addressed over 2k security issues, which has significantly strengthened our SOC 2 compliance efforts.

Before we begin, we would like to give you an overview of our security landscape and explain our goals for handling these security issues at Dgraph Labs Inc.

In this blog, our primary focus is the security of our open-source codebase. Our open-source ecosystem can be categorized into three distinct areas, visually depicted as a pyramid in the image. Broadly speaking, our security audit efforts cover the following layers: our code, our binary artifacts, and our Docker images.

Each layer of the pyramid can introduce a different kind of security concern for us and for our customers. Because our product is open source, we must be especially vigilant about hardening every layer: any vulnerability in the product can potentially be exploited, and such an exploit would affect not only our open-source user base but also our Cloud DBaaS users.

Our standard release process follows a fixed sequence: it starts with a tag checkpoint on the underlying code, then builds our binary artifacts, and finally constructs our Docker images.
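To make the three-layer model and the tag-driven release sequence concrete, here is an added example GitHub Actions workflow that audits each layer in the same order the release process runs them. It is illustrative code written for this article, not Dgraph Labs' own pipeline, and it assumes a Go module with a `cmd/app` entry point, a `Dockerfile` at the repository root, and the scanners `govulncheck` (for source and binaries) and Trivy (for images); the page does not name the tools Dgraph Labs selected, so these are assumptions.

```yaml
name: release-security-audit

# Layer 0, the "tag checkpoint": only a pushed release tag starts the pipeline,
# so every scanned artifact is traceable to one immutable commit.
on:
  push:
    tags: ['v*']

permissions:
  contents: read

jobs:
  code:
    # Layer 1: audit the source tree before anything is built.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Source-level vulnerability check (assumed tool, not named on the page)
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...

  binary:
    # Layer 2: build the release binaries and scan the built artifacts themselves.
    needs: code
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Build release binary (assumed entry point cmd/app)
        run: CGO_ENABLED=0 go build -trimpath -o dist/app ./cmd/app
      - name: Scan the compiled binary for vulnerable modules
        # Binary mode checks what was actually linked in, not just go.mod.
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck -mode=binary dist/app
      - uses: actions/upload-artifact@v4
        with:
          name: binaries
          path: dist/

  image:
    # Layer 3: package the audited binary into an image and scan the image.
    needs: binary
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          name: binaries
          path: dist/
      - uses: docker/setup-buildx-action@v3
      - uses: docker/build-push-action@v5
        with:
          context: .
          load: true      # keep the image local so it can be scanned before any push
          push: false
          tags: app:${{ github.ref_name }}
      - name: Scan the image (assumed tool; pin to a commit SHA in real use)
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: app:${{ github.ref_name }}
          severity: HIGH,CRITICAL
          ignore-unfixed: true
          exit-code: '1'  # a finding fails the job, so the image is never published
```

Each job depends on the previous one with `needs`, so a finding at the code layer stops the binary and image layers from running at all, which mirrors the release order described above. Pushing the image is deliberately left out of this workflow: publishing would belong in a separate job that runs only after the `image` job succeeds.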
The aforementioned pyramid serves not only as a visual representation of our security layers but also as a direct refle...