owaspadmin-azurefunctions's People

Contributors

ccapellan, chrstcplln, codemouse92, dependabot[bot], hblankenship, kithwoodnyu, ninjasimon

owaspadmin-azurefunctions's Issues

Update .gitignore on all chapter / project pages to ignore _site

Currently, if someone actually builds the site per the migration pages, and .gitignore doesn't have _site in there, a bunch of older files will be checked in, that are simply unnecessary and will contain dependabot worthy alerts in time.

Please go ahead and bulk change .gitignore in all repos that use Jekyll to ignore _site and any other folders or files that are unnecessary for operation, and then remove those files / folders from affected repos. My tool can help you find these repos quickly.

Please document all code

All code built for OWASP must contain business requirements (such as decomposing the current policy and the features / non-functional requirements that these imply), how the architecture/design work, how to build the code, how to build and promote into dev, test, and production environments, how to test correct operation, and finally end-user operation documentation.

I would suggest breaking it down by each folder in this repo. If multiple things are needed to run a particular function (such as the webhook queue & processor), please document them together. Lastly, if you need help, please let me assist you. A second pair of eyes can often help find issues.

All code must be testable and have a test suite

Code without tests is incomplete. If we can't reliably unit and integration test, it's impossible to understand if the code is functioning correctly. Please create test suites for each piece of code and document how the tests should be run in dev / testing.

If the architecture is untestable, then the architecture must change. I would encourage you to look at Clean Architecture by Uncle Bob. That creates easily tested code and reduces complexity of many layers.

Please create a list of outstanding automation projects, with status

I have literally no idea if this exists, and it's on me that I've not forced this issue before. I need to know that we are planning and prioritizing automation correctly. You can do this in Asana, here, or Jira, I'm not fussed, but it has to exist.

Please document each automation project, what the benefit will be, where we can find the code, design, and test documentation, how far progressed it is, if we have contractors or volunteers working on it, and what is the expected go live date.

Chapter status on website is different to actual GitHub repos

I ran my tool to clone all repos by discovering the repos via GitHub API. The number of chapters on the chapter status page and the reality of this are different. I checked that these chapters are indeed well set up and should be active.

This may mean:

a) The code for Chapter Status is using out of date search criteria
b) The repos are hidden from the chapter list
c) The criteria for the Chapter Status page are not aligned with chapter policy

Please review. The code for my tool is available at vanderaj/owasp-policy-scanner. You will need a GitHub API key to determine the state of the chapter page in a reasonable timeframe. Meetup key is useful, but not essential (yet).

Add membership benefits to Mail Chimp welcome and renewal messages

In our welcome and renewal Mailchimp automation emails, it doesn't mention how to access Secure Flag or We Hack Purple's member benefit. In addition, please highlight the new member portal as the way for them to review their membership and update their data.

Please work with Lisa on some words to:

a) claim their owasp.org email (or recover access to it)
b) how to access each benefit
c) Add membership portal details

to both the new and renewal emails.

Corporate Members are receiving email cleanup messages

Corporate members are receiving the owasp.org email clean up messages. They don't have an owasp.org email address.

We can address this in two ways:

a) Stop sending it to them
b) Provisioning them all (~ 58) with emails

In either case, please stop sending them messages if they do not have owasp.org emails as their primary contact.

Check why expired card notifications are not being sent out by Stripe

Lisa is aware of some members who had auto-renew enabled, but their card is expired. They got no notification and therefore they didn't renew like they thought that they should have.

Can you please ensure that folks with expired cards who are due to renew soon get a message, either from Stripe or our code to send a different reminder email with instructions to update their card on file so the auto-renew can occur. If they need to process a new auto-renewal membership, it should say that.

Add 24 hour notification to Stripe receipt custom message

Please add a custom message to the Stripe receipt, to let folks know that they should receive a follow up email with instructions on how to claim their owasp.org email. That way they know that it's not immediate and avoiding client contact tickets that are working sort of as intended.

Also, try to reduce this time. I think folks are looking for immediate access to this stuff. If there's a day delay, please find out why.

Bulk update policies

A number of repos have links to old outdated policies. Please find these and point them at the correct policy page or landing page. This affects 34 chapters out of 225 (15% of the total), and might be used to justify old behavior and not following current policy.

Fix multi-year end date discrepancies between Stripe and Copper

Some users are receiving multiple memberships for a single Stripe membership transaction.

Can you please review why this is happening, and fix the code so it stops happening in the future.

Find and fix all 236 members with multiple year memberships. There may be more than this in Copper, as I only searched for 1 year members who had an end date after one year today, and two year members who had a start date prior to two years ago and end dates after that expiry.

Find and fix Stripe membership customers who have no membership in Copper

One of my OWASP Top 10 co-leads had paid for a membership in Stripe last year. He had no membership in Copper. He only discovered this because he wanted to confirm the email clean-up campaign. I've seen other tickets in Jira from other affected members, so this is not an isolated incident.

There are others in the same situation. Please find them all and make sure they have the appropriate membership end date in Copper, and from there, MailChimp.

We will need a tool to confirm that the membership info in Stripe and Copper are aligned in real-time on September 30 for the election to cope with the Board motion earlier this year, and we need to run this a bit beforehand as well so that they have time to renew if they had expired and intend to vote or stand in this year's election, and to ensure that any candidates who had faulty membership data can stand without a gap in their membership through technical deficiencies in our membership solution.

Bulk update old Speaker Agreement

34 chapter repos have links to the old Speakers agreement. This should not be used. Please bulk update these repos to point to the current Speaker Agreement.

Bulk update old donate link to correct one

My tool looks for the old donate link in Jekyll repos. The old donate link doesn't work any more, and it should be bulk replaced by us to the new donate page. This affects 13 chapter repos and an unknown number of project or other repos. Most of them (but not all) are in the migrated content file, which I know doesn't show, but it's there and could be copy and pasted by a leader who does not know about the new link.

Bulk notify old Wiki links to relevant leaders

A number of repos have old Wiki links. This may be intended, but often it's not. Please notify these leaders that they should edit this code to be updated to the main owasp.org website. Usually, these links point to projects or similar.
