
DACI Decision

Status: NOT STARTED
Impact: This decision affects the level of security protection built into the application code developed and deployed by the Lab Booster team.
Driver: KRONTIRAS-ext, Pavlos
Approver: KRONTIRAS-ext, Pavlos
Contributors:
Informed:
Due date:
Outcome:

Tips and info

Recommendations

Contributors

Contributors: I am seeking the right people to get involved in the decision. Add your comments to this page, let's get the conversation started.

Please add:

  • The people directly impacted by this so we can include them.
  • Any references to previous work and investigations that we can leverage.
  • Any constraints and challenges we need to consider to make this decision and following action plan.

Impact rating

Here's an example you can use as a guide.

Decision characteristics and resulting impact rating:

HIGH
  • The decision will have a material impact on the customer experience OR
  • will significantly impact the roadmap OR
  • will adversely disrupt an internal business process.

MEDIUM
  • The decision will involve a less than material change to customer experience OR
  • will impact the roadmap OR
  • will impact an existing internal business process.

LOW
  • All other decisions.

Background

The application code developed for Lab Booster (DataLab) includes third-party libraries that are widely used in the industry but may still contain vulnerabilities. In addition, the business logic within the code, together with the application design, may itself introduce vulnerabilities that could expose Syensqo systems and data to potential bad actors. Including security tools in the application build pipeline and in the development practice itself can significantly reduce this risk.

Current state

No standardized security tools are used.

Data for decision support

Options considered

Each option is assessed on the same rows: Description, Rollout plan, Pros and cons, Risks, and Estimated cost and effort. Only Option 2 has entries so far.

Option 1: Do nothing

Option 2: Aikido

  Pros and cons
  • (plus) Developer-first tool
  • (plus) Multiple integrations with IDEs and CI/CD tools
  • (plus) Real-time scanning during development
  • (plus) Context-aware, AI-powered analysis reduces false positives
  • (plus) Easy to set up and deploy
  • (plus) Focus on cloud-native security, especially microservices architectures
  • (minus) Young company (2 years old), not enough track record
  • (minus) SaaS only
  • (minus) AI reduces false positives, but its accuracy is unknown
  • (minus) SAST only, no DAST capability

  Risks
  • New product; community knowledge, skills and support may be limited
  • AI classification may not be very accurate

  Estimated cost and effort
  • From € 299/mo for 10 users (https://www.aikido.dev/pricing)

Option 3: Snyk

Option 4: SonarQube

Option 5: HCL AppScan


FAQ

Q1.

A1.


References

Relevance | Link
(none added yet)


Follow-up action items

  •  