Containers and container infrastructure are used to host applications at Health Note. Health Note is committed to securing containers against malware, data leaks, and other threats at all stages of the container lifecycle. The purpose of this policy is to ensure that all Health Note containers and container infrastructure are properly managed to maintain data integrity and security.
- Systems and Infrastructure Assets
- Application and Dependencies
- Access to private container registries, Kubernetes clusters, and CI/CD pipelines is secured following the least privilege model with Amazon AWS.
- Helm and Helm charts are used to orchestrate deployments within CI/CD pipelines.
- Container secrets are managed in a secret management system, i.e. AWS Parameter Store.
- Commit IDs are used to tag images to ensure consistent automated builds and to prevent attacks leveraging tag mutability.
- External container images are required to be signed and to originate from a trusted registry, i.e. Docker Hub.
- Health Note application container images are stored in private repositories within Amazon AWS's Elastic Container Registry.
- Containers are regularly scanned for vulnerabilities, and identified vulnerabilities are queued, documented, and ticketed for remediation.
- Containers are required to utilize Linux user namespace support to reduce the kernel and system resources that a container can access.
| Revision Date | Revision Description | Notes |
|---|---|---|
| 3/31/2023 | Initial | Initial |
| 5/03/2024 | Initial | Initial |