cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Home Page: https://cncf.io/projects


[Security Self Assessment] emissary-ingress / emissary

yashaswi2000 opened this issue

Details

Project Name: emissary-ingress/emissary

GitHub URL: emissary

CNCF project stage: Incubation preparing for Graduation

Security Provider: No

Self-assessment link (before PR):

Tasks

  • Stage 1: Preparation

    • Create a GitHub issue for the security self assessment of emissary-ingress/emissary project.
      • Issue Link in CNCF Tag-Security:
    • Create a placeholder for the security self assessment.
      • Create a fork of the CNCF Tag-Security in your GitHub.
      • Create a new folder for the emissary-ingress/emissary project.
      • Add the security self assessment template under the project folder.
      • Issue link of Initial Commit:
    • Review Documentation of the emissary-ingress/emissary project.
  • Stage 2: Understand the Project Landscape

    • Understand the overall project at a sufficient level of detail.
    • Update overview section
      • Background
        commit: <commit_link>
      • Actors
        commit: <commit_link>
      • Actions
        commit: <commit_link>
      • Goals
        commit: <commit_link>
      • Non-Goals
        commit: <commit_link>
  • Stage 3: First complete draft of the Self Assessment

    • Document technical specifications of the emissary-ingress/emissary project.
      • Self assessment use
        commit: <commit_link>
      • Security functions and features
        commit: <commit_link>
      • Project compliance
        commit: <commit_link>
      • Secure development practices
        commit: <commit_link>
      • Security issue resolution
        commit: <commit_link>
      • Appendix
        commit: <commit_link>
    • Complete the security self assessment draft.
  • Stage 4: Iteration with the project

    • Initiate discussion with emissary-ingress/emissary project maintainers.
    • Incorporate inputs and feedback from emissary-ingress/emissary project maintainers.
    • Document the findings.
  • Stage 5: Finalization

    • Initiate PR
    • Get feedback and findings from reviewers
    • Fix the findings
    • Merge the PR
    • Close the issue