Security Model

This document outlines the security considerations, infrastructure requirements, and trust model for deploying and running Carrot Mapper within a network.

Container Security

Image Build Process

  • Carrot Mapper images are built with GitHub Actions, using a repeatable and transparent build process.
  • Each dependency from the build process is pinned to a git hash.
  • This automation helps ensure that each build is consistent and can be traced back to its source code and build instructions.

Container Registry

  • Every Carrot Mapper image is published to the GitHub container registry.
  • Images are pinned to specific workflow commit hashes, which prevents unauthorized modifications and ensures that only verified builds are used.
  • This pinning mechanism helps maintain security by ensuring that the exact version of the code that was reviewed and tested is the one being deployed.

Code Security & Review

  • All code contributions must pass a set of unit, integration, and end-to-end tests.
  • Contributions are reviewed by the University of Nottingham Centre for Health Informatics developer team before they are approved and merged into the codebase.
  • Code scanning with GitHub’s CodeQL analysis is enabled on the repository and on contributions, automatically identifying potential security vulnerabilities and coding issues.

Dependency & Supply Chain Security

  • The base image and all dependencies are reviewed for security updates.
  • GitHub’s dependency-review-action is used to detect vulnerable dependencies before they are introduced into the codebase.
  • Carrot Mapper uses Dependabot to automatically scan and update dependencies, ensuring security vulnerabilities are identified and patched promptly.
  • Updates are published with release notes on the Carrot Mapper releases page.
  • A Software Bill of Materials (SBOM) for Carrot Mapper is published, providing visibility into dependencies and supply chain security.

Infrastructure Security

  • Carrot Mapper is deployed in a secure environment by a data partner.
  • No incoming requests are made into the data partner’s secure environment.