From Fork to Feature

Contributing to CIPP : A deep dive into development, forking, API creation, and tips for project contributions

Video TBD

Session Abstract

Our 4th Sip & CIPP session offered an immersive journey into the world of Open Source Software development within the CIPP projects. This workshop was designed to equip future contributors with practical skills in setting up a development environment, forking repositories, and API creation. Attendees explored the nuances of navigating the CIPP codebase, contributing effectively, and implementing best practices in scripting and security. The session also provided a sneak peek into upcoming features, positioning attendees at the forefront of innovative development in the CIPP project.

Learning Objectives

Development Environment Setup: Steps to create a local environment for CIPP development.
Forking Repositories: Best practices for forking CIPP and CIPP-API repositories.
Custom Feature and API Development: Techniques for developing custom features and APIs.
Understanding Codebase: Tips for efficiently navigating the CIPP project's codebase.
Practical Development Tips: Practical tips on testing, environment variables, and security practices in the development workflow.

Detailed Topic Coverage

Local Development Setup:
- Kelvin emphasized the importance of mirroring the production environment in the local setup to avoid deployment issues.
- He provided a step-by-step guide on setting up a local development environment, including navigating GitHub, managing branches, and finding specific files like standards.
Forking and Contribution:
- Participants were guided on creating forks of the CIPP repositories and the necessity of including a development branch in these forks.
- Kelvin discussed making edits, committing changes, and the process of starting pull requests, highlighting UK English spelling conventions in the project.
Hands-On Development:
- The session included instructions on starting local development instances and executing commands using tools like winget.
- Kelvin demonstrated creating and editing standards and APIs within CIPP, focusing on adding new standards, remediation options, and input fields.
Codebase Navigation and Contribution:
- Kelvin dissected the CIPP project structure, showing how to navigate modules and explaining the significance of each folder.
- The process of creating new standards, adding them to the front end, and the modularity of CIPP's architecture were highlighted.
Future Developments:
- Upcoming features and improvements, such as the rewrite of the events engine and new alerting rules, were discussed.
- Kelvin introduced the concept of if-else-then logic for alerts received through webhooks for more dynamic and customizable responses.

Chat FAQ

Q: Why is the report option not available for CA templates? A: The report option isn't available because multiple templates can be selected at the same time, making it unclear what specifically is being reported.

Q: Can I alert/report on members of a CA policy? A: Creating a custom flow is required to check if a user is logging on without multifactor authentication and if they're a member of the policy.

Q: Is there a way to review and remediate a user's risk state when they get flagged as a risky user? A: This can be achieved using new event-based remediations with a custom if-else-then script.

Q: How are the conversations going with direct CSP providers for integrations? A: Conversations with one tier-one CSP provider are progressing well, focusing on creating APIs for license purchases.

Q: For the updated events engine, would it be possible to alert on a specific application taking action on a user? A: Yes, as long as the application's action is logged, the updated events engine can be configured to alert based on these logs.

Q: Will it ever be possible to have multi-user offboarding? A: Multi-user offboarding might be feasible in the future but is likely to be limited due to risks, like accidentally locking people out of their accounts.

Resources Shared

Last updated 3 months ago

Was this helpful?