cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

https://cncf.io/projects

[Security Self-Assessment] OpenKruise

bradcush opened this issue 8 months ago · comments

bradley cushing commented 8 months ago

Details

Project Name: OpenKruise
Github URL: https://github.com/openkruise/kruise
CNCF project stage: Incubating
Security Provider: No
Self-assessment link: OpenKruise Self-assessment

Tasks

Stage-1: Preparation

Create a GitHub issue:
- Create a Github issue in CNCF TAG-Security Github repository to initiate the process.
- Update the information in the Github issue.
Review the Project Information:
- Review available project information and documentation.
- This includes prior KubeCon talks, webpages, project documentation, etc.
Create draft security self-assessment document:
- Fork the CNCF TAG-Security repository.
- Create a new folder for your project in the assessments/projects folder.
- Create a draft document for the security self assessment in your project folder.
- This document includes metadata details and placeholders for all sections.
- Update the Metadata section of the document.

Stage-2: Understanding the Project

Security Pals must understand the overall project at a sufficient level of details like:
- Project functionality and typical usage.
- Roles of involved parties (e.g., sidecar, central server, maintainers).
- Actions performed (e.g., data collection, query language, software release).
- Project's goals (e.g., access control, software source control).
- Project's non-goals (e.g., preventing insider data leaks).
Complete the following in the Overview section of the self assessment document:
- About Project
- Background
- Actors
- Actions
- Goals
- Non-Goals

Stage-3: First draft of the Self Assessment

Complete the following sections in the self assessment document:
- Self assessment use
- Security functions and features
- Project compliance
- Secure development practices
- Security issue resolution
- Appendix

Stage-4: Iteration with the project

Discuss and resolve open questions with project maintainers.
Take their inputs into the self-assessment.
Finalize the self-assessment.
Submit Pull Request to CNCF TAG-security with a finalized security self-assessment document.

Stage-5: Finailization

Fix self assessment based on feedback from TAG-Security reviewers
Merge the Pull Request.

bradley cushing commented 8 months ago

This has been moved to Rana-KV#4

Links

ProductDiscover

Data Powerby api.github.com. Remove your profile on the Giters? Go to settings.

Contact Site Admin: Giters.