Product Security Engineering Runbooks

HackerOne Tooling Runbook

This runbook is for information related to the suite of tools created to help support the Application Security team’s HackerOne processes.

Repository List

Information in this runbook may help with debugging, maintaining, or supporting the tools and services found in the following repositories:

• h1bot, which provides import related functionality
  • See also: h1bot configuration and deployment
• h1-gitlab, which performs a number of GitLab issue lifecycle management tasks
• h1-attachments, which serves imported HackerOne attachments
  • See also: h1-attachments configuration and deployment

Re-deploying

h1bot and h1-attachments are deployed using GitLab continuous delivery features. In some cases, re-deploying the environment may fix problems with the tooling, such as request timeouts to the attachments server.

Runway tooling guidelines

This runbook is intended to help determine whether a tool is a good fit for Runway. In certain cases, it may be beneficial to use Runway to ease tooling integration work.

What is Runway ?

The proposal of the design document sums up what Runway seems to be today:

Runway is a means for deploying a service, packaged up as a Docker image to a production environment. It leverages GitLab CI/CD as well as other GitLab product features to do this.

Team Member Upskilling Runbook

This runbook is a collection of resources for new or existing Product Security Engineers, or for those looking to build a body of work to enhance their skills and knowledge in product security. This runbook is designed to provide guidance and resources for continuous learning and professional development.

1. Core Competencies

Team members should work to become proficient in the following core competencies: