david.delagneau/fidelity-ai-workspace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f0d3cd4ce940362c6e901195cc010e6be816c866
fidelity-ai-workspace/project-knowledge/02-work-items/pdiap-11962.md
david.delagneau 2a234701c5 Update work items and daily logs for project fidelity 
- Updated work items with new statuses, notes, and dependencies:
  - `PDIAP-15838` moved to Done, draft PR remains unmerged.
  - `PDIAP-15836` status updated to backlog-ready, sequenced after `PDIAP-15838`.
  - `PDIAP-12284` reopened for UIKit removal, dependency for `PDIAP-15836`.
  - Added new backlog items: `PDIAP-11961`, `PDIAP-11962`, `PDIAP-11562`, `PDIAP-12226`, `PDIAP-12227`, `PDIAP-12228`.
- Completed `PDIAP-16167`, documented findings in Confluence.
- Created daily log for 2026-05-05 summarizing work item updates and backlog triage.
- Added diagnostic script for workspace analysis.
2026-05-05 15:54:45 -06:00

2.1 KiB
Raw Blame History

type, project, status, ticket, title, systems, workstreams, people, related, updated, tags
type project status ticket title systems workstreams people related updated tags
work-item fidelity backlog-review PDIAP-11962 Closure of secret scanning alerts
xflowsdk
security
backlog-triage
jeff-dewitte
pdiap-11961
2026-05-05
work-item
fidelity
security

PDIAP-11962 - Closure of secret scanning alerts

Status

  • Backlog item under review for future work.
  • Earlier alert-closure process appears partially completed, but two Google API Key alerts remain open.

Current Findings

  • David found an October 9, 2025 email confirming the prior submission.
  • Follow-up shows Matthew closed the earlier alerts/story on March 5, 2026.
  • Two Google API Key alerts remain open and were not part of that closure.
  • Those alerts appear tied to an old MockPageViewWithHiddenToggle commit from April 18, 2025, not newly introduced REST-story work.
  • Google API Key rotation is not owned by David/XFlow directly; backend support or clarification may be needed if rotation/invalidating is required.

Historical Slack Context

  • October 2025 Slack context ties this story to PDIAP-11573 - Remediate secret scanning alerts in XFlow iOS SDK.
  • The intended sequence was:
    1. report inactive secrets through the SSDLC/AAVD process,
    2. use PDIAP-11961 to handle invalidation/rotation of still-active Google API keys,
    3. use PDIAP-11962 to close the GitHub alerts after PDIAP-11961 is completed.
  • Slack context from October 10, 2025 says inactive secrets were reported in ESWR-35407, PDIAP-11961 was created for active-secret invalidation, and PDIAP-11962 was created to manage alert closure after invalidation.
  • Slack context from November 19, 2025 says the secret-remediation alerts were still present and none had been marked resolved at that time.
  • Treat PDIAP-11962 as the closure/follow-up story, not the rotation/invalidation story itself.

Related Work

  • PDIAP-11961 - Remediation of Exposed Secrets in XFlow iOS SDK - Request for Rotation/Invalidation is the related story for the remaining Google API Key alerts and is not assigned yet.
Reference in New Issue View Git Blame Copy Permalink