cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Home Page: https://tag-security.cncf.io

[Security Self-Assessment] Jaeger

jw6680 opened this issue · comments

Details

Project Name: Jaeger

Github URL: https://github.com/jaegertracing/jaeger

CNCF project stage: Sandbox preparing for Incubation / Incubation preparing for Graduation / Graduated

Security Provider: No

Self-assessment link (before PR): Jaeger Security Self-Assessment

Tasks

  • Stage 1: Preparation

    • Create a GitHub issue for the security self assessment of Jaeger project.
      • Issue Link in CNCF Tag-Security: #1143
    • Create a placeholder of security self assessment.
      • Create a fork of the CNCF Tag-Security in your Github.
      • Create a new folder for the Jaeger project.
      • Add the security self assessment template under the project folder.
      • Issue link of Initial Commit: cp-57@5ea7728
    • Review Documentation of the Jaeger project.
  • Stage 2: Understand the Project Landscape

    • Understand the overall project at a sufficient level of detail.
    • Update overview section
      • Background
        commit: <commit_link>
      • Actors
        commit: <commit_link>
      • Actions
        commit: <commit_link>
      • Goals
        commit: <commit_link>
      • Non-Goals
        commit: <commit_link>
  • Stage 3: First complete draft of the Self Assessment

    • Document technical specifications of the <project_name> project.
      • Self assessment use
        commit: <commit_link>
      • Security functions and features
        commit: <commit_link>
      • Project compliance
        commit: <commit_link>
      • Secure development practices
        commit: <commit_link>
      • Security issue resolution
        commit: <commit_link>
      • Appendix
        commit: <commit_link>
    • Complete the security self assessment draft.
  • Stage 4: Iteration with the project

    • Initiate discussion with <project_name> project maintainers.
    • Incorporate inputs and feedback from <project_name> project maintainers.
    • Document the findings.
  • Stage 5: Finalization

    • Initiate PR
    • Get feedback and findings from reviewers
    • Fix the findings
    • Merge the PR
    • Close the issue