[Security Self-Assessment] Jaeger
jw6680 opened this issue · comments
Details
Project Name: Jaeger
GitHub URL: https://github.com/jaegertracing/jaeger
CNCF project stage: Sandbox preparing for Incubation / Incubation preparing for Graduation / Graduated
- Graduation Proposal: https://github.com/jaegertracing/jaeger
Security Provider: No
Self-assessment link (before PR): Jaeger Security Self-Assessment
Tasks
Stage 1: Preparation
- Create a GitHub issue for the security self assessment of the Jaeger project.
- Issue Link in CNCF Tag-Security: #1143
- Create a placeholder for the security self assessment.
- Create a fork of the CNCF Tag-Security in your GitHub.
- Create a new folder for the Jaeger project.
- Add the security self assessment template under the project folder.
- Issue link of Initial Commit: cp-57@5ea7728
- Review Documentation of the Jaeger project.
Stage 2: Understand the Project Landscape
- Understand the overall project at a sufficient level of detail.
- Update overview section
- Background
  commit: <commit_link>
- Actors
  commit: <commit_link>
- Actions
  commit: <commit_link>
- Goals
  commit: <commit_link>
- Non-Goals
  commit: <commit_link>
Stage 3: First complete draft of the Self Assessment
- Document technical specifications of the <project_name> project.
- Self assessment use
  commit: <commit_link>
- Security functions and features
  commit: <commit_link>
- Project compliance
  commit: <commit_link>
- Secure development practices
  commit: <commit_link>
- Security issue resolution
  commit: <commit_link>
- Appendix
  commit: <commit_link>
- Complete the security self assessment draft.
Stage 4: Iteration with the project
- Initiate discussion with <project_name> project maintainers.
- Incorporate inputs and feedback from <project_name> project maintainers.
- Document the findings.
Stage 5: Finalization
- Initiate PR
- Get feedback and findings from reviewers
- Fix the findings
- Merge the PR
- Close the issue