[Security Self-Assessment] Antrea
molofgarb opened this issue · comments
Details
Project Name: Antrea
GitHub URL: https://github.com/antrea-io/antrea
CNCF project stage: Sandbox preparing for Incubation
- Sandbox Proposal: cncf/toc#650
Security Provider: No
Self-assessment link (before PR): Antrea Security Self-Assessment
Tasks
- Stage 1: Preparation
- Create a GitHub issue for the security self assessment of Antrea project.
- Issue Link in CNCF Tag-Security: #1142
- Create a placeholder of security self assessment.
- Create a fork of the CNCF Tag-Security in your GitHub.
- Create a new folder for the Antrea project.
- Add the security self assessment template under the project folder.
- Issue link of Initial Commit: https://github.com/molofgarb/tag-security-11/tree/5390e86397b707f60067ec6917b03803e7802fde
- Review Documentation of the Antrea project.
- Stage 2: Understand the Project Landscape
- Understand the overall project at a sufficient level of detail.
- Update overview section
- Background (commit: molofgarb@61ad311)
- Actors (commit: <commit_link>)
- Actions (commit: molofgarb@61ad311)
- Goals (commit: <commit_link>)
- Non-Goals (commit: molofgarb@61ad311)
- Stage 3: First complete draft of the Self Assessment
- Document technical specifications of the Antrea project.
- Self assessment use (commit: molofgarb@bedc054)
- Security functions and features (commit: <commit_link>)
- Project compliance (commit: <commit_link>)
- Secure development practices (commit: molofgarb@9cfad36)
- Security issue resolution (commit: <commit_link>)
- Appendix (commit: <commit_link>)
- Complete the security self assessment draft.
- Stage 4: Iteration with the project
- Initiate discussion with Antrea project maintainers.
- Incorporate inputs and feedback from Antrea project maintainers.
- Document the findings.
- Stage 5: Finalization
- Initiate PR
- Get feedback and findings from reviewers
- Fix the findings
- Merge the PR
- Close the issue