[Security Self-Assessment] KubeVirt
molofgarb opened this issue
Details
Project Name: KubeVirt
Github URL: https://github.com/kubevirt/kubevirt
CNCF project stage: Incubation preparing for Graduation
- Incubation Proposal: kubevirt/kubevirt#5172
Security Provider: No
Self-assessment link (before PR): KubeVirt Security Self-Assessment
Tasks
- Stage 1: Preparation
  - Create a GitHub issue for the security self assessment of the KubeVirt project.
    - Issue link in CNCF TAG-Security:
  - Create a placeholder for the security self assessment.
    - Create a fork of the CNCF TAG-Security repository in your GitHub account.
    - Create a new folder for the KubeVirt project.
    - Add the security self assessment template under the project folder.
    - Link to the initial commit: https://github.com/molofgarb/tag-security-11/tree/5390e86397b707f60067ec6917b03803e7802fde
  - Review the documentation of the KubeVirt project.
- Stage 2: Understand the Project Landscape
  - Understand the overall project at a sufficient level of detail.
  - Update the overview section:
    - Background (commit: <commit_link>)
    - Actors (commit: <commit_link>)
    - Actions (commit: <commit_link>)
    - Goals (commit: <commit_link>)
    - Non-Goals (commit: <commit_link>)
- Stage 3: First complete draft of the Self Assessment
  - Document the technical specifications of the KubeVirt project:
    - Self assessment use (commit: <commit_link>)
    - Security functions and features (commit: <commit_link>)
    - Project compliance (commit: <commit_link>)
    - Secure development practices (commit: <commit_link>)
    - Security issue resolution (commit: <commit_link>)
    - Appendix (commit: <commit_link>)
  - Complete the security self assessment draft.
- Stage 4: Iteration with the project
  - Initiate discussion with KubeVirt project maintainers.
  - Incorporate inputs and feedback from KubeVirt project maintainers.
  - Document the findings.
- Stage 5: Finalization
  - Initiate the PR.
  - Get feedback and findings from reviewers.
  - Fix the findings.
  - Merge the PR.
  - Close the issue.
KubeVirt has already been assessed and is in progress.
@molofgarb I apologize for the confusion. You should do the Security Pals work on the project, but please fork the repo and only open an issue in the last step (when we're ready to ask TAG Security to review and merge).
Pranava and I will update the guidance to be clearer.