This is a simple Python script that takes a list of hostnames and prints an SSL scan report for each host.
sudo dnf install go-task
go-task docker-build
docker run -it -e DEBUG=1 ssl_report.py:1.0.0 www.google.com www.yahoo.com
Note: This assumes you are using a Red Hat-based system such as RHEL, Rocky Linux, or Fedora Server. If not, use your system's package manager instead.
- How would you scale this script and run it with resiliency to handle thousands of domains?
Answer: To scale the script and enhance its resiliency for handling thousands of domains, I would leverage the concurrency features of asyncio and aiohttp to enable non-blocking API requests, ensuring intelligent rate limit management. Additionally, caching successful responses would minimize redundant requests. For distributed execution and enhanced resilience, deploying the script on a cloud provider's Kubernetes service, such as GCP's GKE, would be advantageous.
- How would you monitor/alert on this service?
Answer: For monitoring and alerting, I would utilize Python's Logging module for structured logging and integrate it with a centralized logging solution, like syslog-ng or a cloud provider's logging service (e.g., GCP's Cloud Logging), using their respective APIs. Monitoring would focus on critical metrics such as API error counts, response times, request rates, and standard system metrics like CPU, memory, and storage utilization if reports are stored.
- What would you do to handle adding new domains to scan or manage certificate expiry events from your service?
Answer: To manage the addition of new domains or certificate expiry events, I would opt for a dynamic configuration approach. This could be achieved through a CI/CD process for automated builds, tests, and deployments with updated configurations, or by utilizing an external configuration management process, where configurations are stored in a cloud storage bucket or persistent volume accessible to all service containers.
- After some time, your report requires more enhancements requested by the Tech team of the company. How would you handle these "continuous" requirement changes in a sustainable manner?
Answer: To sustainably manage continuous requirement changes, I would implement a robust CI/CD process. Changes would be introduced through pull requests (PRs), triggering a rebase of the feature branch followed by automated build and test procedures that report back to the PR. Upon approval and merging, the CI/CD pipeline would proceed with building, testing, pushing the updated code to a registry, and finally deploying it to production, ensuring a smooth and systematic update cycle.
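The scaling answer above (bounded concurrency, rate-limit handling, caching of successful responses) can be sketched with asyncio alone. This is an added example, not code from ssl_report.py: `scan_hosts`, `RateLimited` and `FakeAPI` are hypothetical names, and the `fetch` callable stands in for the aiohttp request the real script would make.

```python
import asyncio
import random


class RateLimited(Exception):
    """Raised by the fetcher when the scan API throttles us (e.g. HTTP 429)."""


async def scan_hosts(hosts, fetch, cache=None, max_concurrent=5,
                     max_retries=3, base_delay=0.01):
    """Scan hosts concurrently; return (reports, failures) keyed by hostname."""
    # fetch: async callable host -> report dict (assumption: in the real
    # script it would wrap the aiohttp request to the scan API).
    cache = {} if cache is None else cache   # earlier successful reports
    sem = asyncio.Semaphore(max_concurrent)  # cap on in-flight requests

    async def scan_one(host):
        if host in cache:
            return cache[host]
        for attempt in range(max_retries + 1):
            try:
                async with sem:
                    cache[host] = await fetch(host)
                return cache[host]
            except RateLimited:
                if attempt == max_retries:
                    raise
                # Exponential back-off with jitter; the semaphore slot is
                # already released, so other hosts keep moving meanwhile.
                await asyncio.sleep(base_delay * 2 ** attempt * random.uniform(0.5, 1.5))

    unique = list(dict.fromkeys(h.strip().lower() for h in hosts))
    results = await asyncio.gather(*(scan_one(h) for h in unique),
                                   return_exceptions=True)
    reports, failures = {}, {}
    for host, res in zip(unique, results):
        (failures if isinstance(res, Exception) else reports)[host] = res
    return reports, failures


class FakeAPI:
    """Constructed stand-in for the scan API: throttles each host's first call."""
    def __init__(self):
        self.calls = {}

    async def fetch(self, host):
        self.calls[host] = self.calls.get(host, 0) + 1
        if host == "down.example" or self.calls[host] == 1:
            raise RateLimited(host)
        return {"host": host, "grade": "A"}  # constructed sample report
```

Passing the same `cache` dict to a later run skips hosts that already have a report; hosts that stay throttled after all retries are returned in `failures` rather than aborting the batch.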