SaFi Bank Space : Engineering handover - Devops

Created by Peter Luknár, last modified by Jideo Pena (Unlicensed) on Dec 06, 2022

This is the list of what should be handed over (checked by SaFi side after handed over), and also it is a good agenda for the handover meeting:

  • Jira - how is the work managed, how to work with it
  • Confluence - how is documentation structured, a brief overview
  • 3rd parties - what, for what, where it is documented
  • Contact persons/channels - for 3rd parties, products, …
  • Credentials - where are they, how are they managed
  • Dev level test - what is covered, what not, where to put the focus, where to be careful
  • Bugs/VAPT findings - which are there for SaFi to pick up
  • Planned development for MVP
  • Ownership handover
  • For developers (workshops)

Technical Handovers sessions:

Jira

Sub-squads Boards:

Core Banking
Core Foundation
Data Foundation
App Foundation
SRE

Legacy board:

SaFi Infrastructure

Note: Issues are filtered out in boards based on the Component attribute assigned to each specific issue.

Confluence

Root of documentation: SRE/DevOps

3rd parties

Information on 3rd parties utilized by Application squads can be found in the respective Engineering handover documents.

Communication between VL team and respective 3rd parties has been usually established directly by Ion Mudreac and Jideo Pena (Unlicensed).

Contacts

Describe important persons and communication channels (e.g. with 3rd party in Lark)

Ion Mudreac - Technical/Business owner

User b6b4a - Security requirements

Andre Laksmana (Unlicensed) - Application Team Front-End (DK)

User 87682,Lukas Civin - Big Data processing

Other squads: Squad Stakeholders

Credentials

https://safibank.atlassian.net/wiki/spaces/ITArch/pages/222495316/Handover+Notes+-+Others#Credentials%2FAdmin-Access

Dev level test

N/A - no tests were planned and neither implemented

Bugs/VAPT findings

VAPT done on the application level - all vulnerabilities were reported on the application level. App squads may need assistance/involvement of DevOps in remediation of some issues - either by creating a SRE ticket or reaching out to the squad directly.

Tickets that need DevOps involvement:

  • SAF-130 - SaFi-2022-9 SaFi Mobile Application Information Disclosure via Stack Trace Backlog

  • SAF-142 - SaFi-2022-10 SaFi Mobile Application HTTP Headers And Cookies Best Practices Done

  • SM-7448 - SaFi-2022-24 SaFi Mobile Lack of SSL Certificate Pinning Done

Full VAPT vulnerabilities report to review.

Planned development for MVP

Roadmap

Src: https://miro.com/app/board/uXjVPN2ub5k=/

See also Backlogs (To Do) per individual components (Core Banking, Core Foundation, Data Foundation, App Foundation, SRE).

Open VL tickets

T Key Summary Assignee Reporter P Status Resolution Created Updated Due
No issues found

Open SRE tickets

T Key Summary Assignee Reporter P Status Resolution Created Updated Due
No issues found

Attachments:

Devops Planning.pdf (application/pdf)
Devops Planning (1).pdf (application/pdf)