Conversation

@ijovovic (Contributor)

Description

Changes proposed in this pull request:

  • enable fips140 compliance

@ijovovic ijovovic requested a review from a team as a code owner November 12, 2025 10:25
dushanpantic previously approved these changes Dec 1, 2025

@hyperspace-insights hyperspace-insights bot left a comment


Summary

This PR introduces FIPS 140 compliance to the build and runtime environment, which is a significant security and compliance change. However, several critical issues need to be addressed:

Major Concerns:

  1. Lack of documentation - No explanation of why FIPS mode is required or what impact it has
  2. Inconsistent configuration - FIPS settings differ between build, test, and runtime environments, which could lead to tests passing while production fails
  3. Hardcoded versions - The FIPS module version is hardcoded without justification or configurability
  4. Security implications unclear - Disabling ML-KEM (post-quantum crypto) and enforcing FIPS-only mode are significant decisions that need explanation
  5. Missing validation - No evidence that the application has been tested in FIPS-only mode

Recommendations:

  • Add comprehensive documentation about FIPS requirements and implementation
  • Ensure consistent FIPS configuration across all build/test/runtime scenarios
  • Consider making FIPS version configurable
  • Validate that all cryptographic operations in the codebase are FIPS-compliant
  • Add integration tests specifically for FIPS mode

Please address these concerns before merging to ensure the FIPS implementation is robust and maintainable.

PR Bot Information

Version: 1.15.19

  • Correlation ID: 32093360-ce98-11f0-88b8-fb1367eb2888
  • Event Trigger: issue_comment.created

@hyperspace-insights hyperspace-insights bot deleted a comment from vandjelk Dec 1, 2025