cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Home Page: https://tag-security.cncf.io


[Security Self Assessment] Operator Framework

Brandonpinos opened this issue · comments

Details

Project Name: Operator Framework

Github URL: https://github.com/operator-framework/operator-sdk

CNCF project stage: Incubation

Security Provider: No

Self-assessment link (before PR):

Tasks

  • Stage 1: Preparation

    • Create a GitHub issue for the security self assessment of Operator Framework project.
      • Issue Link in CNCF Tag-Security: #1137
    • Create a placeholder for the security self assessment.
      • Create a fork of the CNCF Tag-Security in your Github.
      • Create a new folder for the Operator Framework project.
      • Add the security self assessment template under the project folder.
      • Issue link of Initial Commit: f6a0a31
    • Review Documentation of the Operator Framework project.
  • Stage 2: Understand the Project Landscape

    • Understand the overall project at a sufficient level of detail.
    • Update overview section
      • Background
        commit: <commit_link>
      • Actors
        commit: <commit_link>
      • Actions
        commit: <commit_link>
      • Goals
        commit: <commit_link>
      • Non-Goals
        commit: <commit_link>
  • Stage 3: First complete draft of the Self Assessment

    • Document technical specifications of the Operator Framework project.
      • Self assessment use
        commit: <commit_link>
      • Security functions and features
        commit: <commit_link>
      • Project compliance
        commit: <commit_link>
      • Secure development practices
        commit: <commit_link>
      • Security issue resolution
        commit: <commit_link>
      • Appendix
        commit: <commit_link>
    • Complete the security self assessment draft.
  • Stage 4: Iteration with the project

    • Initiate discussion with Operator Framework project maintainers.
    • Incorporate inputs and feedback from Operator Framework project maintainers.
    • Document the findings.
  • Stage 5: Finalization

    • Initiate PR
    • Get feedback and findings from reviewers
    • Fix the findings
    • Merge the PR
    • Close the issue