Skip to main content

Patching

The Modernisation Platform hosts much of the MoJs legacy infrastructure, like any software, this needs patching and updates to ensure the software stays secure.

Patching Policy

The Modernisation Platform team are responsible for the patching and updating of the core platform infrastructure and any tools or pipelines that we provide. Please see Our Offer for details on our shared responsibility model.

We expect application teams to keep their infrastructure and application patched and up-to-date.

If we discover a high risk vulnerability and are unable to contact the application team, we reserve the right to apply patching, updates or take the application offline if we feel the platform or MoJ are at risk.

Patching and updating we currently do as a platform

Patch / Update Method Scope
Github Actions Dependabot Platform and user code
Terraform module dependancies Dependabot Platform and user code
Golang Code Dependabot Platform code
Terraform Auto upgrades for minor releases, issues raised for major releases. Platform and user code
Terraform Providers Ad-hoc as new versions released Platform code
Documentation Daniel the manual spaniel Slack bot Platform documentation
SCA Tools Always pull from latest Platform and user code
Platform Bastions Whenever Terraform is run User code
EC2 Instances Patching Module Platform instances
RDS Instances Auto minor version upgrade option Platform and user instances

More information

Please see our Patching ADR or contact us for more information on our patching plans.

More information on automated patching

This page was last reviewed on 20 December 2024. It needs to be reviewed again on 20 June 2025 by the page owner #modernisation-platform .
This page was set to be reviewed before 20 June 2025 by the page owner #modernisation-platform. This might mean the content is out of date.