From 89b0be6cfe7c9298e17b1941188e6020bcffdb05 Mon Sep 17 00:00:00 2001 From: George Lund Date: Fri, 3 May 2024 13:47:09 +0100 Subject: [PATCH 1/4] Update mission statement and clarify applicability outside GDS - also update some references to standards, policies and guidance --- source/index.html.md.erb | 11 +++++++---- source/standards/understanding-risks.html.md.erb | 6 ++++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/source/index.html.md.erb b/source/index.html.md.erb index c1229bf9..6373f852 100644 --- a/source/index.html.md.erb +++ b/source/index.html.md.erb @@ -31,14 +31,16 @@ title: The GDS Way <% end %>
-

The GDS Way and its content is intended for internal use by the GDS and CO CDIO communities.

+

The GDS Way and its content is intended for internal use by the GDS community.

# <%= current_page.data.title %> -The GDS Way documents the specific technology, tools and processes that Government Digital Service (GDS) and Cabinet Office Chief Digital and Information Office (CO CDIO) teams use to build and operate services. +The GDS Way guides teams to build and operate brilliant, cost-effective digital services. -It's not intended as guidance for anyone working outside GDS or the CO CDIO - you'll find that in the [Service Manual](https://www.gov.uk/service-manual). +It documents the specific technology, tools and processes that Government Digital Service (GDS) teams use. + +It's not intended as guidance for anyone working outside GDS (though some other Cabinet Office teams use it too) - you'll find that in the [Service Manual](https://www.gov.uk/service-manual). ## About The GDS Way @@ -57,11 +59,12 @@ The GDS Way includes consistent: * technology and tools * measures -All decisions are made in alignment with [Service Manual](https://www.gov.uk/service-manual) which covers service design more broadly. +All decisions are made in alignment with [Service Manual](https://www.gov.uk/service-manual), which covers service design more broadly, and the [Technology Code of Practice](https://www.gov.uk/guidance/the-technology-code-of-practice). Products at GDS in discovery or alpha development phases must follow [agile delivery principles](https://www.gov.uk/service-manual/agile-delivery) and also have the option to follow the standards in this repository. Products in beta and live phases must follow both the instructions set out in the Service Manual and the standards in this repository. +They must be [secure by design](https://www.security.gov.uk/guidance/secure-by-design/). ## How to add new guidance diff --git a/source/standards/understanding-risks.html.md.erb b/source/standards/understanding-risks.html.md.erb index 1b3fa537..794e3816 100644 --- a/source/standards/understanding-risks.html.md.erb +++ b/source/standards/understanding-risks.html.md.erb 
@@ -1,6 +1,6 @@ --- title: Understand the risks to your service -last_reviewed_on: 2023-11-20 +last_reviewed_on: 2024-05-03 review_in: 6 months --- @@ -11,12 +11,13 @@ When you build, maintain or change your service, you must have a clear understan You should work with [GDS Information Security IA] to design appropriate solutions for your service's risks. IA may need to obtain risk acceptance from your Senior Risk Owner (SRO). You can also work with the [COD Cyber Security Team] to get advice on the threats applicable to your service, and how to best mitigate them. - The Service Manual has some recommendations which can reduce risk to your service, for example, how to: * [protect against fraud][] when you design and manage your service * [secure your information][] if you handle ‘official’ classified data +The government security hub [security.gov.uk][securityhub] provides links to the policies and standards that we have to follow. + ## Model security threats [Modelling threats][] can help you gain a clearer understanding of threats against your service. GDS uses [Attack Tree][] development workshops to model threats. Any workshops you run should cover all potential [attack vectors][]. @@ -47,3 +48,4 @@ The [National Cyber Security Centre (NCSC)] provides guidance about cyber securi [securing your cloud environment]: https://www.gov.uk/service-manual/technology/securing-your-cloud-environment [attack vectors]: https://searchsecurity.techtarget.com/definition/attack-vector [CDIO Security Pillar]: /standards/cyber-security-overview.html +[securityhub]: https://www.security.gov.uk/ From 3438db387bf9a69e03f1ab54980c4363d8d23be8 Mon Sep 17 00:00:00 2001 From: George Lund Date: Fri, 3 May 2024 13:49:21 +0100 Subject: [PATCH 2/4] Get Dockerfile working and update docs to mention it --- Dockerfile | 8 +++++--- README.md | 13 +++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index cc26915b..06f65dcc 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.7.6-buster +FROM ruby:3.1.3-buster EXPOSE 4567:4567 EXPOSE 35729:35729 @@ -6,11 +6,13 @@ EXPOSE 35729:35729 WORKDIR /usr/src/gems COPY ./Gemfile /usr/src/gems +COPY ./Gemfile.lock /usr/src/gems RUN apt-get update && apt-get install -y nodejs -ENV BUNDLE_FORCE_RUBY_PLATFORM=true -RUN bundle check || bundle install +RUN bundle config set force_ruby_platform true +RUN bundle install +RUN bundle check WORKDIR /usr/src/docs diff --git a/README.md b/README.md index a4a4c75a..145bf587 100644 --- a/README.md +++ b/README.md @@ -43,11 +43,23 @@ to update the GDS Way. To preview or build the website, we need to use the terminal. +You can use the Dockerfile provided: + +``` +docker build . -t gds-way +docker run --rm -p 4567:4567 -p 35729:35729 -v $(pwd):/usr/src/docs -it gds-way +``` + +Otherwise, the following steps will get Middleman running locally. + #### Install Ruby and Bundler Install Ruby with Rubygems, preferably with a [Ruby version manager][rvm], and the [Bundler gem][bundler]. +A [.ruby-version](./.ruby-version) file is provided for use with [rbenv][]. +If you update it, please update the [Dockerfile](./Dockerfile). + #### Clone the repository Clone the repository using: @@ -161,6 +173,7 @@ The documentation is [© Crown copyright][copyright] and available under the ter of the [Open Government 3.0][ogl] licence. [rvm]: https://www.ruby-lang.org/en/documentation/installation/#managers +[rbenv]: https://github.com/rbenv/rbenv [bundler]: https://bundler.io/ [mit]: LICENCE [copyright]: https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework/crown-copyright/ From 3e801ebd7c518c2787cbb61a783cf970306dab2a Mon Sep 17 00:00:00 2001 
From: George Lund Date: Tue, 14 May 2024 16:34:08 +0100 Subject: [PATCH 3/4] Apply mission statement change to shared layout template - original change was in 89b0be6cfe7c9298e17b1941188e6020bcffdb05 --- source/layouts/custom.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/layouts/custom.erb b/source/layouts/custom.erb index f954f174..893dd20b 100644 --- a/source/layouts/custom.erb +++ b/source/layouts/custom.erb @@ -1,6 +1,6 @@ <% wrap_layout :layout do %>
-

The GDS Way and its content is intended for internal use by the GDS and CO CDIO communities.

+

The GDS Way and its content is intended for internal use by the GDS community.

<%= yield %> From df8b3560a54591caa8af2a7c3f59e05862d74293 Mon Sep 17 00:00:00 2001 From: George Lund Date: Tue, 14 May 2024 16:34:59 +0100 Subject: [PATCH 4/4] No need for index page to have its own layout - all the custom layout does is add a note about applicability, which we want on this page too --- source/index.html.md.erb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/source/index.html.md.erb b/source/index.html.md.erb index 6373f852..1cb044f9 100644 --- a/source/index.html.md.erb +++ b/source/index.html.md.erb @@ -1,5 +1,4 @@ --- -layout: core title: The GDS Way --- @@ -30,10 +29,6 @@ title: The GDS Way <% end %> -
-

The GDS Way and its content is intended for internal use by the GDS community.

-
- # <%= current_page.data.title %> The GDS Way guides teams to build and operate brilliant, cost-effective digital services.
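Review bot: In PATCH 1/4, source/index.html.md.erb, hunk `@@ -57,11 +59,12 @@`, the new line "They must be [secure by design]" sits directly under the sentence about beta and live products, so as written the requirement reads as applying only to those phases, while discovery and alpha products are only told to follow agile delivery principles. If secure by design is meant to apply from discovery onwards, make it a separate sentence that names all phases; if it is meant for beta and live only, replace "They" with "Products in beta and live phases" so the scope does not depend on line position.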
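Review bot: In PATCH 1/4, source/standards/understanding-risks.html.md.erb, hunk `@@ -1,6 +1,6 @@`, `last_reviewed_on` moves to 2024-05-03 and so restarts the 6 month review clock, but the only content change in this file is the added security.gov.uk link. The unchanged context still refers to the "COD Cyber Security Team" and "[CDIO Security Pillar]" while the same commit removes CO CDIO from the index page. Either review the whole page, including those references, before bumping the date, or leave `last_reviewed_on` alone for a link-only change.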
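Review bot: In PATCH 2/4, Dockerfile, hunk `@@ -1,4 +1,4 @@`, `FROM ruby:3.1.3-buster` references the base image by a mutable tag on Debian 10 (buster), an old release line, so the image content can change between builds and the OS packages installed by the later `apt-get install` come from that old release. Suggest moving to a tag built on a currently supported Debian release and pinning it by digest. The README hunk in the same commit asks contributors to keep this version in step with `.ruby-version` by hand, so a comment on the `FROM` line pointing at that file would help prevent drift.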
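Review bot: In PATCH 2/4, Dockerfile, hunk `@@ -6,11 +6,13 @@`, `Gemfile.lock` is now copied in but `RUN bundle install` is not frozen, so a lockfile that is out of step with the Gemfile is re-resolved silently at build time instead of failing the build. Suggest adding `RUN bundle config set frozen true` before the install so the image only ever contains the locked gem versions. The trailing `RUN bundle check` adds nothing after a successful `bundle install` and can be dropped.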
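Review bot: In PATCH 2/4, README.md, hunk `@@ -43,11 +43,23 @@`, the documented `docker run` publishes the preview and live-reload ports with `-p 4567:4567 -p 35729:35729`, which binds them on every host interface. For a local preview, suggest `-p 127.0.0.1:4567:4567 -p 127.0.0.1:35729:35729`. The bind mount should also be quoted as `-v "$(pwd)":/usr/src/docs` so the command works when the checkout path contains spaces, and the new fence could carry a language tag for consistency.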
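Review bot: In PATCH 4/4, source/index.html.md.erb, hunk `@@ -1,5 +1,4 @@`, removing `layout: core` means the index page now relies on the site default layout being `source/layouts/custom.erb`, and nothing in this series shows where that default is set. Please confirm the default in the commit message or set `layout: custom` explicitly in the front matter; otherwise the applicability banner deleted in the second hunk disappears from the home page. Since this commit deletes the banner text that PATCH 1/4 edited in the same file, that part of PATCH 1/4 could be dropped when the series is rebased.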