@kartverket/backstage-plugin-risk-scorecard
v2.0.3
Published
This is a plugin for Backstage that helps you and your team when working continuously with risk analysis (:)) The plugin is dependent on a backend service in order to decrypt and communicate with GitHub, and some configuration is necessary for them to com
Downloads
91
Readme
Risk Scorecard (RiSc)
This is a plugin for Backstage that helps you and your team when working continuously with risk analysis (:)) The plugin is dependent on a backend service in order to decrypt and communicate with GitHub, and some configuration is necessary for them to communicate.
Add the following configuration to the proxy-block in your app-config. Modify the target
to the root url of your running backend service.
proxy:
endpoints:
'/risc-proxy':
target: http://localhost:8080
allowedHeaders: ['Authorization', 'GCP-Access-Token', 'GitHub-Access-Token']
The backend uses Backstage-issued tokens to validate the user, and GCP access tokens to federate access to the GCP KMS. Write and read access to repositories is managed by the users GitHub access token. The plugin uses the apiRefs for both of these providers, and entity providers and authentication have to be implemented for both:
- Add discovery of organization data for Microsoft Org
- Add authentication for both providers
Happy RiSc-ing 🌹