Profile Applicability:
Level 1
Description:
The resource consumption (CPU, memory, disk I/O, network) of build workers must be actively monitored to ensure optimal performance, prevent bottlenecks, and detect abnormal activity. Monitoring helps maintain the stability and efficiency of the build infrastructure.
Rationale:
Tracking resource usage enables early identification of performance issues, potential abuse, or failures in build workers. It supports capacity planning, reduces build delays, and helps prevent denial-of-service conditions or resource exhaustion attacks.
Impact:
Pros:
Improves build reliability and efficiency.
Enables proactive detection of resource anomalies.
Supports infrastructure capacity planning.
Enhances security by spotting unusual resource usage.
Cons:
Requires monitoring infrastructure and tools.
May increase operational overhead.
Default value:
Resource consumption of build workers may not be routinely monitored by default.
Audit:
Review monitoring system logs and dashboards for build worker resource metrics. Verify alerting configurations and incident response related to resource usage.
Remediation:
Implement monitoring solutions (e.g., Prometheus, Grafana, CloudWatch) for build workers. Set thresholds and alerts for resource usage. Regularly review metrics and adjust infrastructure accordingly.
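One way to express the thresholds and alerts from the Remediation step as Prometheus alerting rules. This is an added example, not part of the benchmark text; it assumes node_exporter runs on each worker and is scraped under a job named build-workers (a hypothetical name), and every threshold and duration is an illustrative starting value to tune against your own baseline.

```yaml
# Added example: rule file for Prometheus, loaded via rule_files.
# Assumption: workers expose node_exporter metrics under job="build-workers".
groups:
  - name: build-worker-resources
    rules:
      - alert: BuildWorkerNotReporting      # monitoring gap or failed worker
        expr: up{job="build-workers"} == 0
        for: 5m
        labels: {severity: critical}
        annotations:
          summary: "No metrics from {{ $labels.instance }} for 5m"

      - alert: BuildWorkerHighCPU           # sustained saturation, not build spikes
        expr: |
          1 - avg by (instance) (
            rate(node_cpu_seconds_total{job="build-workers", mode="idle"}[5m])
          ) > 0.90
        for: 30m
        labels: {severity: warning}
        annotations:
          summary: "CPU above 90% for 30m on {{ $labels.instance }}"

      - alert: BuildWorkerLowMemory
        expr: |
          node_memory_MemAvailable_bytes{job="build-workers"}
            / node_memory_MemTotal_bytes{job="build-workers"} < 0.10
        for: 10m
        labels: {severity: warning}
        annotations:
          summary: "Less than 10% memory available on {{ $labels.instance }}"

      - alert: BuildWorkerDiskFillingUp     # projected to run out within 4 hours
        expr: |
          predict_linear(
            node_filesystem_avail_bytes{job="build-workers", fstype!="tmpfs"}[1h],
            14400
          ) < 0
        for: 10m
        labels: {severity: warning}
        annotations:
          summary: "{{ $labels.mountpoint }} on {{ $labels.instance }} fills within 4h"

      - alert: BuildWorkerUnusualEgress     # outbound rate 3x the worker's 7-day mean
        expr: |
          sum by (instance) (rate(node_network_transmit_bytes_total{job="build-workers", device!="lo"}[10m]))
            > 3 * sum by (instance) (avg_over_time(
                rate(node_network_transmit_bytes_total{job="build-workers", device!="lo"}[10m])[7d:1h]))
        for: 15m
        labels: {severity: warning}
        annotations:
          summary: "Outbound traffic on {{ $labels.instance }} is 3x its weekly average"
```

Run `promtool check rules` on the file before loading it, and route the alerts through Alertmanager so the Audit step has both the rule definitions and the resulting notifications to review.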
References:
Prometheus Monitoring: https://prometheus.io/docs/introduction/overview/
AWS CloudWatch Metrics and Alarms: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html
CIS Controls v8, Control 8 - Audit Log Management: https://www.cisecurity.org/controls/audit-log-management/