[Security Self Assessment] Operator Framework
Brandonpinos opened this issue
Brandonpinos commented
Details
Project Name: Operator Framework
GitHub URL: https://github.com/operator-framework/operator-sdk
CNCF project stage: Incubation
- Incubation Proposal: cncf/toc#303
Security Provider: No
Self-assessment link (before PR):
Tasks
- Stage 1: Preparation
  - Create a GitHub issue for the security self assessment of Operator Framework project.
    - Issue Link in CNCF Tag-Security: #1137
  - Create a placeholder of security self assessment.
    - Create a fork of the CNCF Tag-Security in your GitHub.
    - Create a new folder for the Operator Framework project.
    - Add the security self assessment template under the project folder.
    - Issue link of Initial Commit: f6a0a31
  - Review Documentation of the Operator Framework project.
- Stage 2: Understand the Project Landscape
  - Understand the overall project at a sufficient level of detail.
  - Update overview section
    - Background
      commit: <commit_link>
    - Actors
      commit: <commit_link>
    - Actions
      commit: <commit_link>
    - Goals
      commit: <commit_link>
    - Non-Goals
      commit: <commit_link>
- Stage 3: First complete draft of the Self Assessment
  - Document technical specifications of the Operator Framework project.
    - Self assessment use
      commit: <commit_link>
    - Security functions and features
      commit: <commit_link>
    - Project compliance
      commit: <commit_link>
    - Secure development practices
      commit: <commit_link>
    - Security issue resolution
      commit: <commit_link>
    - Appendix
      commit: <commit_link>
  - Complete the security self assessment draft.
- Stage 4: Iteration with the project
  - Initiate discussion with Operator Framework project maintainers.
  - Incorporate inputs and feedback from Operator Framework project maintainers.
  - Document the findings.
- Stage 5: Finalization
  - Initiate PR
  - Get feedback and findings from reviewers
  - Fix the findings
  - Merge the PR
  - Close the issue