We use dbt at my organization in a limited capacity so far, but are expanding significantly with a new project built in dbt Core. As part of this new project, we’ve talked up the value of the dbt docs for both our engineering team and our data analysts, and everyone is excited about having the ability to explore the docs easily. We’re hosting the docs on an internal web server and regenerate/republish it with every code deployment. It works great in dev.
However, we’ve reached a roadblock in our org. We’re now readying for a prod deployment and are going through a rigorous cybersecurity review process. As part of this review, dbt-docs was flagged as a “high” security risk because it uses the AngularJS framework, which as we probably all know, has been deprecated and unsupported for many years. Our sec team will not approve our use of dbt-docs because of this. And honestly, I don’t think it’s entirely unreasonable to say that when deploying a new data project it should not use deprecated/unsupported libraries from the outset.
So my questions for the group are:
- I’m aware that dbt Catalog doesn’t use AngularJS. Is there any info about whether this improvement might ever trickle down to the OSS dbt Core?
- Has anyone faced a similar situation and either…
a. Convinced their org that the security risk is acceptable?
b. Pivoted to use an equally simple dropin replacement for dbt-docs? I’ve found dbt-colibri as an example but it doesn’t support every database adapter.
Thank you all!