Adding onboarding files (#319)

Author: Mouse933

docs/cybersecurity/SecDevOps Team/Onboarding/Code Reviews/Code Review Introduction.md

@@ -0,0 +1,26 @@
+---
+sidebar_position: 1
+---
+
+# What does Code Reviewing do?
+
+Code reviewing is the process of looking at code that’s been created by other developers and examining it to ensure it meets company standards and requirements for secure code. This helps identity common problems that could lead to security issues such as:
+- Vulnerabilities 
+- Errors such as logic errors
+- And inconsistencies in code
+
+The reason the SecDevOps team reviews code is to help address these issues early, so only secure, compliant code is pushed further up the development pipeline. 
+
+## How to access code reviews
+
+As a member of SecDevOps you can access code reviews through the company GitHub. This can be done from the repository screen by accessing pull requests, or it can be done by looking at tasks assigned to you through GitHub’s notifications for more recent requests. 
+
+To access them through the repository screen, simply open the pull requests using the rightmost button as seen below:
+
+![PR Button](code-review-imgs/code-review-intro-imgs/finding-prs.png)
+ 
+This will take you to all the current open requests for that repository
+
+![PR List](code-review-imgs/code-review-intro-imgs/viewing-prs.png)
+ 
+The code review process is further broken down in the next modules. 

docs/cybersecurity/SecDevOps Team/Onboarding/Code Reviews/Coding Best Practices.md

@@ -0,0 +1,75 @@
+---
+sidebar_position: 4
+---
+
+# Performing a Code Review
+ 
+This section describes in detail how to perform a code review. To help ease new members into the process of reviewing code on company repositories, it will attempt to break things down in a simple, easy to follow set of steps. 
+
+## Find open pull requests
+
+To start reviewing code, first you need to open a repository with open pull requests. Start by looking through the company repositories to find any with open pull requests, as some of the older requests won’t show in your pull request tab. 
+
+Take time to look over what type of code is in each repository, as some use different languages. Shown here, the Redback Senior Tech repository uses Jupyter Notebooks and currently contains 9 pull requests. 
+
+![Finding PRs](code-review-imgs/performing-reviews-imgs/find-prs.png)
+ 
+## Open the pull request and view initial details
+
+After opening your chosen pull request, take some time to view the initial context and changes documented by the author of the request. These comments can provide useful information when understanding what their code is doing. 
+
+![Viewing Comments](code-review-imgs/performing-reviews-imgs/view-comments.png)
+ 
+## View GitHub Action output
+
+If applicable to the type of file you’re reviewing, take some time to view the output added to the conversation tab by the actions bot. For the case of python files, the Bandit security scanner can provide necessary context for whether further changes are needed to make a file compliant with the company’s security policy. 
+
+![Github Actions Bot](code-review-imgs/performing-reviews-imgs/view-action-output.png)
+ 
+Take into consideration whether it’s flagged any high security or critical vulnerabilities, as well as what the scanners confidence, or the likelihood, of that vulnerability being present is. The output generally will tell you if any critical issues were found as seen in the example below. 
+
+![Bandit Output](code-review-imgs/performing-reviews-imgs/view-action-output2.png)
+ 
+For any other files, make sure you view the output the actions bot shows for the general pull request checks as well. These will be covered in more detail in a later step, but it’s good to see if there are issues with the files in the pull requests.
+ 
+As seen here, this request requires manual review and validation as the Pull Request Checks have failed. 
+
+![Checks Overview](code-review-imgs/performing-reviews-imgs/checks-overview.png)
+  
+## View the checks tab
+
+Once you’ve looked over the conversations tab, look through the checks tab to view any logs generated by the automated security and pull request checks, these can provide valuable information on what needs changing in the file. 
+
+![Viewing Checks](code-review-imgs/performing-reviews-imgs/view-checks.png)
+ 
+Viewing the logs step by step shows you the code being run against the security checks, in general this information won’t be important unless the code has failed the check. The results can be viewed in the comments posted by the GitHub-actions bot in the conversations tab as seen in the previous steps. 
+
+![Check Logs](code-review-imgs/performing-reviews-imgs/detailed-checks.png)
+
+Likewise, look over any pull request checks as they show you whether the file is compliant with the companies naming conventions for files and variables. In general, it’s good practice for all files to comply with this standard, and the pull request shouldn’t be merged until these issues are resolved. 
+
+![PR Checks](code-review-imgs/performing-reviews-imgs/pr-checks.png)
+ 
+Sometimes if the pull request is too old, the checks can expire. In cases like this there isn’t much that can be done, so it’s best to review these older files manually and check them against the company policies on best coding practices, as well as consider any output posted by the bandit scanner in the comments section.
+ 
+## Manually review the files
+
+Having looked through all checks, now it’s time to view the files themselves. Looking through the file manually, it’s our job to ensure there are no major security flaws that the scanner hasn’t picked up on.
+
+In general, we want to ensure there are no hardcoded credentials, API keys being shown, or other bad practices that may lead to security issues or potential exploits. Further information on what to look out for can be found in the Best Code Practices section of the documentation. 
+
+At any point, if there’s a line of code you need further clarification on from the author, or if there is any potential issue you’ve flagged, add an in-line comment using the plus button and leave a question for the author of the code. 
+
+Once you’ve finished viewing one of the files, make sure you tick the viewed checkbox to collapse the view and keep track of what files you’ve seen. 
+
+![Viewed Files](code-review-imgs/performing-reviews-imgs/viewed-files.png)
+  
+When you’ve finished reviewing the code, click on the button to review the changes. If the code is compliant and meets Redback Operations standards, meaning there are no critical security vulnerabilities and no compliance issues, then you may submit the approval. 
+
+![Approving Reviews](code-review-imgs/performing-reviews-imgs/approving-review.png)
+ 
+If you need extra context for something before deciding that you want to request changes or approve the pull request, then the comment option should be used. This allows you to submit general feedback and ask questions to get a better understanding of the authors intent. 
+
+In any other case, if there are issues with the code such as compliancy problems the scans have found, or major security flaws such as hardcoded credentials or visible API keys, then you must request the author makes changes. Leave a comment describing what needs fixing and submit the review using the request changes option.  
+
+![Requesting Changes](code-review-imgs/performing-reviews-imgs/requesting-changes.png) 

docs/cybersecurity/SecDevOps Team/Onboarding/Code Reviews/Performing a Code Review.md

@@ -0,0 +1,91 @@
+---
+sidebar_position: 3
+---
+
+# The GitHub UI
+
+This section provides guidance on how to work with the GitHub user interface. It’s intended to help new members understand how the code review process works by describing the key tabs and actions within a pull request.
+
+## Finding pull requests
+
+Before reviewing code, you first need to open the pull requests. Pull requests can be found either in your assigned review requests which can be found in the headers navigation menu which is highlighted below.
+
+![Repo Header PR Button](code-review-imgs/github-ui-imgs/repo-header.png)
+
+Alternatively, you can find review requests in each individual repository under that repositories pull requests. As seen in the image, there are two pull requests in the redback operations senior mobile repository.
+
+![Repo Overview](code-review-imgs/github-ui-imgs/individual-repo.png)
+
+Once you have a repo opened, you can start the review process by opening any of the currently available review requests. If you need to filter to see what pull requests require reviewing, then you can apply the necessary filter from the header.
+
+![PR Filter](code-review-imgs/github-ui-imgs/pr-filter.png)
+
+After opening a pull request, you can see all details of the chosen request. This includes the authors name, any comments left, checks made via GitHub Actions, and what the exact changes to the files were.
+
+![PR Header](code-review-imgs/github-ui-imgs/pr-header.png)
+ 
+## Reading Comments
+
+To start the review process, it’s recommended you read and understand any comments made by the requesting user, as this will help you understand what the changed being made are.
+
+![Comment Example](code-review-imgs/github-ui-imgs/comment-header.png)
+
+As seen in the example above, comments can be found in the conversations tab and show the full workflow of the pull request once it reaches this stage of development.
+
+In some cases, there will be output in the comments from the GitHub-actions bot, which outputs information based on what type of file you’re reviewing. For python files, the Bandit Scanner is used to check for Common Vulnerabilities and Exposures (CVEs) that can leave the code vulnerable. This will be touched on in a later step, as it isn’t fully relevant to all code files in the redback repository.
+
+![Action Output](code-review-imgs/github-ui-imgs/actions-output.png)
+
+## Commits
+
+To get an overview of what’s been changed over time, you can view the commits tab in a pull request. In here you can see all changes made in the pull request in chronological order.
+
+![Commits Overview](code-review-imgs/github-ui-imgs/commits-overview.png)
+
+Each commit shows a set of changes made by the author at a specific point in time. Reviewing commits allows you to see how the assets in the pull request have changed over time when compared to the result.
+While the commits tab isn’t a necessary feature for completing code reviews, since reviews are generally carried out in the files changed tab, it can help you:
+- Understand the progression of changes
+- Find when specific updates, fixes or changes were introduced
+
+Seeing how the commits have changed over a period can provide useful context when trying to understand what issues have already been addressed during earlier iterations of the code.
+ 
+## Checks
+
+The checks tab is used to show the status of various integrated, automated checks, test and other verifications that run against the chosen pull request. These checks include continuous integration builds, automated tests and verification processes, security scans and other automated checks that may be included in the organisation’s development pipeline.
+
+![Checks Overview](code-review-imgs/github-ui-imgs/checks-overview.png)
+
+The results show whether each of the automated checks is in progress, successful, or has failed. Before a pull request can be merged to the main branch, it must pass all the chosen checks to meet Redback Operations compliance and quality standards.
+
+When a check is successful, it simply displays a tick and moves on to the next part of the process. However, when a check fails, it will post logs as to what’s happened and will give details that can be expanded to identify what went wrong, and what must be fixed.
+
+![Check Details](code-review-imgs/github-ui-imgs/detailed-checks.png) 
+
+## Files Changed
+
+The files changed tab is one of the most important tools used in a code review by the SecDevOps team. It shows a detailed comparison between the base branch of the repository and the proposed changes in the pull request. 
+
+As a result, this is where most of the work for code reviews happen, as it’s where we view changes made and manually review the code to find potential security or compliance issues.
+
+![Files Changed](code-review-imgs/github-ui-imgs/files-changed-overview.png)
+
+In this view, you can see exactly what was added, removed or otherwise modified from all files in the pull request. Sections of code highlighted in green show what’s been added to the file, while sections highlighted in red show what has been removed from the file.
+
+This tab also features several useful tools you can use throughout the code review process to interact with the code, and make your job easier, these include:
+
+The ability to comment directly on any changed line by hovering over the line and pressing the blue plus icon. This allows you to provide context on any concerning lines of code, as well as ask questions with a direct reference to what you need clarity on.
+
+![Inline Comments](code-review-imgs/github-ui-imgs/inline-commenting.png)
+
+Mark files as viewed using the checkmark at the top of the file. This allows you to collapse the file, making it easier to find what you have viewed and what you still need to review. This is especially useful when working on pull requests with many files.
+
+![Viewed Files](code-review-imgs/github-ui-imgs/viewed-files.png)
+
+Using the settings, you can change the view type from unified to split. Unified simply shows all the changes stacked on top of the original file, while split shows them side by side with one side showing the original file state, and the other showing the changes, allowing you to more easily see what’s been changed.
+
+![Changing Views](code-review-imgs/github-ui-imgs/view-type.png)
+
+Finally, using the filter options you can filter the files by type or by certain files based on the file tree. This allows you to see all files of different types, as well as how many of that type are in the pull request.
+
+![File Filter](code-review-imgs/github-ui-imgs/file-filter.png)
+

docs/cybersecurity/SecDevOps Team/Onboarding/Code Reviews/The GitHub UI.md

@@ -0,0 +1,9 @@
+{
+    "label": "Code Reviews",
+    "position": 3,
+    "link": {
+      "type": "generated-index",
+      "description": "SDO Onboarding Code Review Documents."
+    }
+  }
+