RUST-1924 Generate and upload SSDLC compliance report (#1133)

isabelatkinson · web-flow · commit 90d788af2763 · 2024-06-12T15:35:15.000-04:00
diff --git a/.evergreen/create-ssdlc-compliance-report.sh b/.evergreen/create-ssdlc-compliance-report.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -o errexit
+set -o xtrace
+
+REPORT_FILE=".evergreen/${CRATE_VERSION}-ssdlc-compliance-report.md"
+SED_REPLACE="s/RELEASE_VERSION/${CRATE_VERSION}/g"
+
+sed ${SED_REPLACE} .evergreen/ssdlc-compliance-report-template.md > ${REPORT_FILE}
diff --git a/.evergreen/releases.yml b/.evergreen/releases.yml
@@ -29,7 +29,6 @@
 #
 # Make sure to remove the changes from 1 and 2 before merging!
 
-
 exec_timeout_secs: 3600 
 
 functions:
@@ -176,6 +175,25 @@ functions:
         content_type: text/plain
         display_name: signature-
 
+  "create and upload SSDLC compliance report":
+    - command: subprocess.exec
+      params:
+        working_dir: "src"
+        include_expansions_in_env:
+          - CRATE_VERSION
+        binary: bash
+        args:
+          - .evergreen/create-ssdlc-compliance-report.sh
+    - command: s3.put
+      params:
+        aws_key: ${S3_UPLOAD_AWS_KEY}
+        aws_secret: ${S3_UPLOAD_AWS_SECRET}
+        local_file: src/.evergreen/${CRATE_VERSION}-ssdlc-compliance-report.md
+        remote_file: rust-driver/${TEST_PREFIX}${CRATE_VERSION}-ssdlc-compliance-report.md
+        bucket: cdn-origin-rust-driver
+        permissions: private
+        content_type: text/markdown
+
 tasks:
   - name: "publish-release"
     commands:
@@ -187,6 +205,7 @@ tasks:
       - func: "publish papertrail"
       - func: "sign release"
       - func: "save signature"
+      - func: "create and upload SSDLC compliance report"
 
 axes:
   - id: "os"
diff --git a/.evergreen/ssdlc-compliance-report-template.md b/.evergreen/ssdlc-compliance-report-template.md
@@ -0,0 +1,33 @@
+# MongoDB Rust Driver SSDLC Compliance Report
+
+### Release Version: RELEASE_VERSION
+
+**Release Creator**
+The creator of this release can be determined by visiting
+https://github.com/mongodb/mongo-rust-driver/releases/tag/vRELEASE_VERSION.
+
+**Process Document**
+TODO RUST-1918 Link to "How We Develop Software" document
+
+**Tool used to track third party vulnerabilities**
+N/A; the Rust driver does not bundle third-party dependencies
+
+**Third-Party Dependency Information**
+N/A; the Rust driver does not bundle third-party dependencies
+
+**Static Analysis Findings**
+To request a copy of the static analysis report, please contact
+the MongoDB Rust driver team.
+
+**Signature Information**
+The release signature for this version can be found by visiting
+https://downloads.mongodb.org/rust-driver/mongodb-RELEASE_VERSION.sig.
+
+**Security Testing Report**
+TODO RUST-1955 Link to security testing report
+
+**Security Assessment Report**
+N/A; non-goal for client libraries
+
+**Known Vulnerabilities**
+None
