docs(nx-dev): clarify enterprise security (#31089)

Updated content to specify vulnerabilities in community-built and Nx self-hosted cache solutions, highlighting risks like cache poisoning and lack of compliance with regulated industry security standards.
2025-05-06 14:12:31 -04:00 · 2025-05-06 14:12:31 -04:00 · 42a9a2c51a
commit 42a9a2c51a
parent 71de122579
1 changed files with 14 additions and 22 deletions
--- a/nx-dev/ui-enterprise/src/lib/security/failing-compliance.tsx
+++ b/nx-dev/ui-enterprise/src/lib/security/failing-compliance.tsx
@ -42,31 +42,23 @@ export function FailingCompliance(): ReactElement {
            </SectionDescription>
            <SectionDescription as="p" className="mt-6">
-              These community-built cache solutions all too often miss essential
+              Community-built cache solutions reading and writing directly from
-              safeguards—no integrity validation, no fine-grained access
+              the file storage are vulnerable to the Cache Poisoning by
-              controls, and no real-time token revocation:
+              Construction attack resulting in any contributor with pull request
              privileges being able to potentially inject compromised artifacts
              into production environments without detection.{' '}
              <Strong>
                This vulnerability completely circumvents conventional security
                protections like encryption, access control and key management
              </Strong>
              .
            </SectionDescription>
            <ul className="mt-4 list-disc space-y-1 pl-6 text-base leading-7">
              <li className="">nx-remotecache-azure</li>
              <li className="">turborepo-remote-cache</li>
              <li className="">nx-cache-server</li>
              <li className="">turborepo-remote-cache-cloudflare</li>
              <li className="">and others like them</li>
            </ul>
            <SectionDescription as="p" className="mt-6">
-              Our{' '}
+              Even our official Nx self-hosted plugins adds enhanced security
-              <Link
+              but follows a similar architecture. They are unable to make
-                href="/remote-cache"
+              guarantees about how cache artifacts are secured or accessed and
-                title="official Nx self-hosted plugin"
+              cannot meet the security demands of regulated industries.
                className="font-semibold underline"
              >
                official Nx self-hosted plugin
              </Link>{' '}
              adds enhanced security but follows a similar architecture to the
              packages above. It is unable to make guarantees about how cache
              artifacts are secured or accessed and cannot meet the security
              demands of regulated industries.
            </SectionDescription>
          </div>
          <div>