cdfoundation / cdf-landscape

🌄 CDF Landscape: a living document that developers, investors, vendors, researchers and others can use as a resource on the landscape of continuous delivery
https://l.cd.foundation
Apache License 2.0

Security and Compliance Category #172

Open MarckK opened 3 years ago

MarckK commented 3 years ago

Category request:

The CDF landscape should have a security and compliance category for projects such as OPA.

MarckK commented 3 years ago

@obowersa has noted the lack of a good category for tools such as WhiteSource, Black Duck, etc.

82

Note: WhiteSource is currently on the landscape in the Library Management category. This may not be the best category for them.

oleg-nenashev commented 3 years ago

I would suggest adding a "Dependency management" category that IMHO includes both dependency analysis (WhiteSource & Co) and update automation (e.g. Dependabot, UpdateCLI).

MarckK commented 3 years ago

175

sbtaylor15 commented 3 years ago

Point to the OpenSSF landscape as an embedded landscape link. This will enable us to have the OpenSSF maintain the landscape for this category.

MarckK commented 3 years ago

From the landscape WG meeting 12.11.21: we will keep the current DevSecOps category on the CDF landscape, as well as future linking to the OpenSSF landscape.

PRs welcome to augment the DevSecOps category.

MarckK commented 3 years ago

Update: with the changes to the Observability and Analysis category (see #203), the DevSecOps category will appear like this:

[Image: Screenshot 2021-11-26 at 16 20 46]

📣 The Security / DevSecOps category could use a good deal of augmentation.

✍️ Please add specific suggestions to this issue of additional projects / subcategories to add, etc.