Hi everyone,
I ran our open-source InfraScan tool against the public infrastructure/config in the OpenMRS cluster repo:
Overall score: B (89.3%)
Main findings:
- container vulnerabilities
- missing encryption/logging-related configs
- AWS cost optimization opportunities
Full report:
Questions for maintainers / contributors:
I’d really appreciate feedback on a few things:
- Are reports like this actually useful in the OpenMRS ecosystem?
- Which types of findings are valuable vs. mostly noise?
- What would be most helpful for OpenMRS in tools of this kind?
Thanks in advance for any thoughts.