🚨 ALERT: Repository Mapping Required !! - !! Action Needed Before 11th June 2025 🚨 #5
Description
To better enable incident management, vulnerability management, and source code management, we are asking developers to map their repositories to Service Configuration Items (CI) within the Heimdall platform.
Heimdall is an internally developed platform that allows Sky developers to view code-related vulnerabilities identified in the scanning of their repositories.
We launched our Repo Mapping Campaign back in October 2024 and appreciate your team's efforts so far. We are following up again as your repository has not yet been mapped. Failure to complete will result in the repository being archived and access removed.
Why Are We Doing This?
This mapping is essential to accurately manage Sky's source code and establish a clear link between code repositories and the services they support. This effort strengthens our overall security posture and improves incident management capabilities.
Action Required
- Navigate to the Heimdall platform. Note: You will need to be connected to the corporate VPN if not working from a Sky site.
- Click "Login Heimdall / Request Access" to be directed to the corresponding repository in Heimdall.
- In the "Primary Service CI" field, search for the relevant Service Name by starting to type the service name.
- Select the correct Service Name from the search results.
- In the confirmation popup, verify that the service details are accurate, then click "Save".
If a repository cannot be mapped to a service for a valid reason, please select an appropriate justification from the “Not Applicable" section in the Heimdall dropdown menu. This option enables the repository to be mapped directly to the relevant support group instead of a service CI.
Only select 'Not Applicable' if your code repository cannot be linked to an existing or new Service CI. Choosing this option will initiate a periodic attestation requirement.
📅 Deadline: All repositories must be mapped by 11th June 2025.
⛔ Repositories that remain unmapped after the deadline will be archived.
Need Assistance?
Contact our Slack channel #software-security-support for further assistance. A request can be made to unarchive a repository here; this will only be actioned once the mapping is complete.