[Security Self Assessment] emissary-ingress / emissary
yashaswi2000 opened this issue · comments
Yashaswi Makula commented
Details
Project Name: emissary-ingress/emissary
GitHub URL: emissary
CNCF project stage: Incubation preparing for Graduation
- Incubation Proposal: cncf/toc#435
Security Provider: No
Self-assessment link (before PR):
Tasks
- Stage 1: Preparation
  - Create a GitHub issue for the security self assessment of emissary-ingress/emissary project.
    - Issue Link in CNCF Tag-Security:
  - Create a placeholder of security self assessment.
    - Create a fork of the CNCF Tag-Security in your GitHub.
    - Create a new folder for the emissary-ingress/emissary project.
    - Add the security self assessment template under the project folder.
    - Issue link of Initial Commit:
  - Review Documentation of the emissary-ingress/emissary project.
- Stage 2: Understand the Project Landscape
  - Understand the overall project at a sufficient level of detail.
  - Update overview section
    - Background
      commit: <commit_link>
    - Actors
      commit: <commit_link>
    - Actions
      commit: <commit_link>
    - Goals
      commit: <commit_link>
    - Non-Goals
      commit: <commit_link>
- Stage 3: First complete draft of the Self Assessment
  - Document technical specifications of the emissary-ingress/emissary project.
    - Self assessment use
      commit: <commit_link>
    - Security functions and features
      commit: <commit_link>
    - Project compliance
      commit: <commit_link>
    - Secure development practices
      commit: <commit_link>
    - Security issue resolution
      commit: <commit_link>
    - Appendix
      commit: <commit_link>
  - Complete the security self assessment draft.
- Stage 4: Iteration with the project
  - Initiate discussion with emissary-ingress/emissary project maintainers.
  - Incorporate inputs and feedback from emissary-ingress/emissary project maintainers.
  - Document the findings.
- Stage 5: Finalization
  - Initiate PR
  - Get feedback and findings from reviewers
  - Fix the findings
  - Merge the PR
  - Close the issue