Last modified: Apr 5, 2024

Secure development

Methodology

Digdir follows a secure development methodology for the development and operation of Altinn 3, where security is an important element in every phase of the process. Each DevOps team has a Security Champion/Security Coordinator with special focus on security in the team. The Security Coordinator also participates in the security group in the BOD department at Digdir, where issues and areas are discussed. The development process is continuously improved.

Figure 2 - Secure DevOps

To be able to put the developers in focus, the use of security tools and automation is preferred where possible. This includes integration with security tools in the build and deploy processes where identified security flaws stop the processes.

Altinn has several important architecture principles that support security:

  • Open source
    • Promotes openness and the possibility for service owners and others to quality-assure the source code
  • Use known, modern, and popular frameworks and technologies
  • Prefer standards rather than creating something themselves
  • Isolation
  • Prefer managed services (PaaS) over IaaS services
  • Defense in depth

More information about the principles can be found at https://docs.altinn.studio/principles/

Third-party vendors and supply chains

Frameworks and technologies
Figure 3 - Frameworks and technologies used in Altinn 3

Altinn 3 is based on open source code and uses several third-party libraries and products. These libraries, in turn, use other libraries, which again use other libraries, and so on. This creates long supply chains that are difficult to oversee and control. There will also be different developers/teams/organizations behind the libraries. Transfer of ownership of a library can also be transferred to a person/team with a completely different motivation than the original owner. There have been examples where owners have withdrawn the library, which has led to downtime for many websites, or new owners have introduced functionality with malicious intent.

Maintaining a manual overview of these libraries would be an insurmountable task. Therefore, Digdir uses “Dependabot” and other GitHub security features to monitor third-party libraries for updates and vulnerabilities, in addition to having routines for doing continous patching and evaluation of dependencies.

⚠ Service owners must monitor and update their use of third-party libraries in their apps themselves.