Details

Project Name: Operator Framework

Github URL: https://github.com/operator-framework/operator-sdk

CNCF project stage: Incubation

• Incubation Proposal: - cncf/toc#303

Security Provider: No

Self-assessment link (before PR):

Tasks

• Stage 1: Preparation

  • Create a GitHub issue for the security self assessment of Operator Framework project.
    • Issue Link in CNCF Tag-Security: #1137
  • Create a place holder of security self assessment.
    • Create a fork of the CNCF Tag-Security in your Github.
    • Create a new folder for the Operator Framework project.
    • Add the security self assessment template under the project folder.
    • Issue link of Initial Commit: f6a0a31
  • Review Documentation of the Operator Framework project.

• Stage 2: Understand the Project Landscape

  • Understand the overall project at a sufficient level of detail.
  • Update overview section
    • Background
      commit: <commit_link>
    • Actors
      commit: <commit_link>
    • Actions
      commit: <commit_link>
    • Goals
      commit: <commit_link>
    • Non-Goals
      commit: <commit_link>

• Stage 3: First complete draft of the Self Assessment

  • Document technical specifications of the Operator Framework project.
    • Self assessment use
      commit: <commit_link>
    • Security functions and features
      commit: <commit_link>
    • Project compliance
      commit: <commit_link>
    • Secure development practices
      commit: <commit_link>
    • Security issue resolution
      commit: <commit_link>
    • Appendix
      commit: <commit_link>
  • Complete the security self assessment draft.

• Stage 4: Iteration with the project

  • Initiate discussion with Operator Framework project maintainers.
  • Incorporate inputs and feedback from Operator Framework project maintainers.
  • Document the findings.

• Stage 5: Finalization

  • Initiate PR
  • Get feedback and findings from reviewers
  • Fix the findings
  • Merge the PR
  • Close the issue