漏洞修补工作流
devops
安全漏洞修补工作流,包括 CVE 扫描、按严重级别(严重/高/中)分级、补丁测试、预生产环境部署以及具备回滚能力的生产环境发布。
完整 FlowZap 代码
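Scanner { # Vulnerability Scanner: scan, hand findings to Triage, re-verify after patching
n1: circle label:"Start"
n2: rectangle label:"Run dependency scan"
n3: rectangle label:"Analyze CVE database"
n4: rectangle label:"Verify patch applied" # entered from the Triage and Patching groups once a fix is in place
n5: circle label:"End"
n1.handle(right) -> n2.handle(left)
n2.handle(right) -> n3.handle(left)
n3.handle(bottom) -> Triage.n6.handle(top) [label="Vulnerabilities found"]
n3.handle(right) -> n5.handle(left) [label="No vulnerabilities"] # clean-scan exit; without it a run with no findings dead-ends at n3
n4.handle(top) -> n2.handle(bottom) [label="Rescan to confirm"] # verification is a fresh scan, so End is only reached through a clean n3 result rather than assumed after deploy
}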
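Triage { # Vulnerability Triage: CVSS-based severity routing into tickets or backlog
n6: rectangle label:"Assess CVSS score"
n7: diamond label:"Severity level?"
n8: rectangle label:"Create critical ticket"
n9: rectangle label:"Create high priority ticket"
n10: rectangle label:"Add to backlog"
n11: rectangle label:"Assign to security team"
n6.handle(right) -> n7.handle(left)
n7.handle(right) -> n8.handle(left) [label="Critical"]
n7.handle(bottom) -> n9.handle(top) [label="High"]
n7.handle(left) -> n10.handle(top) [label="Medium/Low"]
n8.handle(right) -> n11.handle(left)
n9.handle(right) -> n11.handle(top)
n10.handle(bottom) -> Patching.n12.handle(top) [label="Scheduled"] # backlog items follow the same patch/test/deploy path when scheduled; routing them straight to verification would skip remediation entirely
n11.handle(bottom) -> Patching.n12.handle(top) [label="Remediate"]
}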
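Patching { # Patch Application: regression test, stage, release, roll back on failure
n12: rectangle label:"Update dependency version"
n13: rectangle label:"Run regression tests"
n14: diamond label:"Tests pass?"
n15: rectangle label:"Deploy to staging"
n16: rectangle label:"Investigate failures"
n17: diamond label:"Staging healthy?"
n18: rectangle label:"Deploy to production"
n20: diamond label:"Production healthy?" # post-release check so production, not only staging, has a rollback path
n19: rectangle label:"Rollback changes"
n12.handle(right) -> n13.handle(left)
n13.handle(right) -> n14.handle(left)
n14.handle(right) -> n15.handle(left) [label="Yes"]
n14.handle(bottom) -> n16.handle(top) [label="No"]
n15.handle(right) -> n17.handle(left)
n16.handle(top) -> n12.handle(bottom) [label="Fix"]
n17.handle(right) -> n18.handle(left) [label="Yes"]
n17.handle(bottom) -> n19.handle(top) [label="No"]
n18.handle(right) -> n20.handle(left)
n20.handle(top) -> Scanner.n4.handle(bottom) [label="Yes"] # healthy release: hand back to the scanner for verification
n20.handle(bottom) -> n19.handle(right) [label="No"] # failed release: roll back before retrying, same as a failed staging deploy
n19.handle(top) -> n12.handle(bottom) [label="Retry"]
}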