Closed ultrasaurus closed 1 year ago
I'm thinking we should consider a static site generator like Hugo -- then we can keep meta-data in machine readable front-matter (though we could publish markdown as interim step, since I read that github now displays yaml front-matter)
here are some ideas of data representations for the presentations: https://github.com/ultrasaurus/safe/tree/presentation-page-format/presentations
I like the idea of having a directory structure that is indicative of the type of meeting transcripts that are included in that dir. Maybe each dir could have its own README with an index of the file inside? Or we could use a static site generator.
@ultrasaurus count me in. I've done a couple of sites with GitHub/Hugo combo already, the main question is where to host it. I usually use Amplify but I acknowledged the fact that Netlify is more popular (and arguably I'm biased re the former ;)
Have we determined if this micro-site going to live as a subdomain on cncf.io or on its own domain?
@petermbenjamin added to TODO list -- need to follow-up with Amye to get an intro to the CNCF person who can answer whether there are any preferences on their side for URLs or visual styling.
I did nab cloud-native-security.info
a while ago (before we started the CNCF WG / SIG process) and happy to donate that if people like it and we want / need our own domain. Though I do like security.cncf.io
which seems more concise and readable.
@ultrasaurus would you mind stating if you take care of it or want me to do it?
@mhausenblas will kick off an email thread to find the right person to coordinate with and cc you. It would be great if you could track that thread and update here as we learn answers
hey @lucperkins from the CNCF can sketch out a simple hugo+netlify site
we can do something like sig-security.cncf.io
Thanks, @ultrasaurus … yo @lucperkins can we sync regarding the micro-site, this week, please? My current understanding is that you'd be looking after infra (Hugo, hosting, etc.) and I more after the content? I suppose a quick (20min) meeting to resolve it would be ideal?
Status update: I'm working on something that's publicly available at https://sig-security.netlify.com. I'm building that from my personal fork of this repo: https://github.com/lucperkins/sig-security/tree/lperkins/website. It's definitely a WIP but I think a decent skeleton for iteration.
If it would be beneficial, I can submit a PR and we can discuss/collaborate there.
@lucperkins: today @ultrasaurus and I sat together and developed a battle plan. Here's what we decided:
We can discuss details or open questions on the sig-security-web
channel.
@mhausenblas I've updated the site in progress with the desired front page content as well as a search bar: https://sig-security.netlify.com/.
I've left the previous documents in place largely to demonstrate the search functionality. They'll be removed later.
Awesome, thank you @lucperkins!
Sorry for the long silence. Week after next (re:Invent) I'm back on track and wanted to see where we are with this issue and where/how I can contribute @ultrasaurus
interested :)
@vinayvenkat tagging you here for awareness/interest
we'll need to define an editorial team to curate content, field content. this applies to the microblog #451 issue as well - at least to get started.
@pragashj mentioned a potential subdomain upcoming? security.cncf.io ? need POC to confirm and help figure this out.
Happy to help with this.
Yep, seems like a great idea for discoverability and lots of stated points.
I would like to see if we can create some alignment with the work around #551 , I think there could be possibly be a part of the same site as the CNSmap, https://cnsmap.vercel.app/
So maybe we could have Cloud Native Security Map be one section and have "Presentations" or other subsections in which everyone can contribute to. The current templating we have for the CNSmap is based on markdown, so technically we could work it in a way to reflect content of the repo well.
Updating the issue comment for freshness of issue state
This issue has been automatically marked as inactive because it has not had recent activity.
The plan is to have the CNSMap site evolve to become the microsite. The next usecase to expand on would be the Cloud native security lexicon #735 .
This issue has been automatically marked as inactive because it has not had recent activity.
K8s SIGs have something similar as a service for sub-projects: https://github.com/kubernetes/community/blob/master/github-management/subproject-site-requests.md
Following up on a discussion w/ @lumjjb on this ticket: I've helped a few friends + colleagues use ReadTheDocs/sphinx/rST
for sites. Works quite nicely for developer-driven documents, easy to setup a build + publish pipeline in Concourse and/or GitHub Actions. Also supports citations, cross-referencing, "code as documentation", etc.
Examples:
I'd be able to throw together a demo pretty quickly, if there's interest.
There were plenty of people willing to do the technical work, include CNCF staff who are available to help. What this project has always lacked is someone who is willing to curate content and, as needed, write/edit overview text for sections of the site.
I'll help you, will build a first alpha prototype that we can use to discuss the information, content and appearance. ;-)
@ultrasaurus I can help on the curation. Here is a first draft of the content that I think we can cover @vicenteherrera that's some good work already, thanks. Please let me know your thoughts as well, and how we could articulate this in the site you are building. `
Our Charter - https://github.com/cncf/tag-security/blob/main/governance/charter.md#sig-security-charter
History
Our brand - https://github.com/cncf/tag-security/tree/main/design
Our team
Repository - https://github.com/cncf/tag-security
Papers
Presentations
Security assessments
Policy - https://github.com/cncf/tag-security/tree/main/policy
Events - https://github.com/cncf/tag-security/blob/main/cloud_native_security.md
STAG charter outlines the scope of our group activities, as part of our governance process which details how we work.
Contributors
Slack channel
Mailing list
Meeting calendar
Zoom
YouTube channel
Contact us
Security assessments
Related issues
Potentially related issues
Thanks for the proposed structure, I'll try to incorporate that to my test!
I've been preparing a test website, you can see it at: https://vicenteherrera.com/stag-web/ Code lives at the repo here: https://github.com/vicenteherrera/stag-web
Some interesting characteristics about it for this group:
I plan to work putting @ragashreeshekar shared content into this test, and when it's more mature, we can discuss the best way to really publish it and manage it.
this is great to see! Thought I would chime in with some historical notes, in case it's helpful..
When we were looking at this long ago, we were thinking of having it be a view of the main repo (with slight changes to structure if needed), so that new content would also appear in the repo itself. It has been a long time since I used Jekyll, but I think most static site generators have flexibility to pull templates from a sub-directory and markdown content from multiple directories. Just a thought. Happy to talk sometime 1-1 or small group if helpful (just reach out on Slack)
@ultrasaurus Thanks, @vicenteherrera, and I will surely get connected to you. Hope the initial approach is ok, and we will reach out with some progress. Pls let us know your thoughts
@ultrasaurus You are right. There are several options for a GitHub page: root folder, specific folder, different branch, and of course, different repository. I believe same repository and using a specific directory (like "website") may be the better approach. That way you have the website content version linked to the rest of the content of the repository very easily, and the same review process to accept a PR should be in place. In my case, right now I just want to build a proof of concept, where I can experiment without tainting the original repo with branches, and a lot of false start commits. Right now I've tested already three different themes (from which I forked their own repositories), and I think I will transition from having all the files of the theme in the repo, to just reference it for a cleaner directory, so people that doesn't know Jekyll a lot don't have to filter those out to get to the relevant ones. But I think this theme is useful for us, and with @ragashreeshekar proposed structure it won't take long until we have a POC that we can use to discuss the final content and move to the main repository.
This issue has been automatically marked as inactive because it has not had recent activity.
@ultrasaurus I can help on the curation. Here is a first draft of the content that I think we can cover @vicenteherrera that's some good work already, thanks. Please let me know your thoughts as well, and how we could articulate this in the site you are building. `
Who we are
- Our Charter - https://github.com/cncf/tag-security/blob/main/governance/charter.md#sig-security-charter
History
- TAG-Security - renamed STAG (TOC Issue 549)
- SAFE WG - renamed to CNCF Security TAG
- (Proposed) CNCF Policy Working Group - Merged into SAFE WG
- Our brand - https://github.com/cncf/tag-security/tree/main/design
Our team
- Chairs
- Tech Leads
- Contributors
What we've done
- Repository - https://github.com/cncf/tag-security
Papers
Cloud Native 8 - https://github.com/cncf/tag-security/blob/main/security-whitepaper/secure-defaults-cloud-native-8.md
Cloud Native Security Whitepaper
V2 (2022) - https://github.com/cncf/tag-security/tree/main/security-whitepaper/v2
V1 (2020) - https://github.com/cncf/tag-security/tree/main/security-whitepaper/v1
Supply chain Security Whitepaper - https://github.com/cncf/tag-security/tree/main/supply-chain-security/supply-chain-security-paper
Secure Software Factory Whitepaper - https://github.com/cncf/tag-security/tree/main/supply-chain-security/secure-software-factory
Cloud Native Security Controls Catalog - https://github.com/cncf/tag-security/blob/main/cloud-native-controls/phase-one-announcement.md
Cloud Native Security Map - https://github.com/cncf/tag-security/tree/main/security-whitepaper/cnsmap
Cloud Native Security Lexicon - https://github.com/cncf/tag-security/tree/main/security-lexicon
- Presentations
Security assessments
- Buildpacks - https://github.com/cncf/tag-security/tree/main/assessments/projects/buildpacks
- Cloud Custodian - https://github.com/cncf/tag-security/tree/main/assessments/projects/custodian
- Harbor - https://github.com/cncf/tag-security/tree/main/assessments/projects/harbor
- In-toto - https://github.com/cncf/tag-security/tree/main/assessments/projects/in-toto
- Keycloak - https://github.com/cncf/tag-security/tree/main/assessments/projects/keycloak
- Kyverno - https://github.com/cncf/tag-security/tree/main/assessments/projects/kyverno
- OPA - https://github.com/cncf/tag-security/tree/main/assessments/projects/opa
- Spiffe-Spire - https://github.com/cncf/tag-security/tree/main/assessments/projects/spiffe-spire
- Policy - https://github.com/cncf/tag-security/tree/main/policy
- Events - https://github.com/cncf/tag-security/blob/main/cloud_native_security.md
How do we do this
STAG charter outlines the scope of our group activities, as part of our governance process which details how we work.
Top 5 things we are working on
- SecurityCon at KubeCon+CloudNativeCon NA 2022 - SecurityCon at KubeCon+CloudNativeCon NA 2022 #939
- Cloud Native Security Controls Catalog v2 - Cloud Native Security Controls Mapping to NIST ( Phase II for #635) #845
- Serverless Security Whitepaper - Serverless Security White Paper - Cloud Native Security Best Practices #546
- Cloud Native Security Map v2 - [Proposal] CNCF Cloud Native Security Map - v2 #737
- Cloud Native Security Whitepaper - Audio project - Audio recordings of CNCF Security Papers #606
How to get involved
Contributors
Slack channel
Hangout in the CNCF Slack
Our channel is #tag-security
Mailing list
Join our mailing list at CNCF Lists TAG-Security
Join the Mailing List to receive the calendar meeting invite.
Meeting calendar
CNCF Event Calendar
We meet every Wednesday at 10 am PT| 1 pm ET| 6 pm GMT
Zoom
Join our call live on Zoom
cncftagsecurity passcode: 77777
YouTube channel
Missed a meeting?
No drama - catch up from a recording!
Contact us
Chairs & Tech Leads - cncf-tag-security-chairs@lists.cncf.io
Security assessments
Guide - https://github.com/cncf/tag-security/tree/main/assessments/guide
Contact us
Chairs & Tech Leads - cncf-tag-security-chairs@lists.cncf.io`
Related issues
- [Suggestion] Improve new member experience, allow easier involvement/induction #666
- [Proposal] "landing page" for new visitors #826
Potentially related issues
@vicenteherrera, please share if there is any update.
Some of the planned content is now available within the TAG repository:
This issue has been automatically marked as inactive because it has not had recent activity.
Closing now that we have https://tag-security.cncf.io/. To further the discussion on refinement and maintenance of the site, feel free to file issues against the site repository directly.
Description: we want to surface the work that the group has done over the past 1.5 years and create a maintainable structure, so as we add more to the repo, parts of it will naturally update on the web also -- basically, more accessible content with some friendly pointers to the repo. We want to start small and iterate, so we thought starting with the presentation would be useful to people and relatively easy to put together. Other content (home page about) could be taken from readme, potentially refactoring parts into separate docs, if needed, to not have content replicated in multiple places. This isn't a site about the SIG, it's a site about cloud native security (knowledge sharing by SIG-Security).
Impact: Make the work of the group more accessible to a larger audience. Initial target audience is people who are already fairly knowledgable about cloud or about security (e.g. new group members), later expanding as the group creates more resources.
Scope: Initial version should take a few hours to 1 day of work to make the site... once we have all ther prerequisites figure out and a plan with review checkpoints, it could get done 3-4 weeks of calendar time for iterations and discussion to figure out exactly how to set up the files so that they are both easy to maintain and readable, allowing for at least a week in the middle for review/feedback from the wider group.
We have a lot of great source material about security use cases as well as from presentations from specific open source projects that provide solutions in this space
If you are interested in getting involved, pls comment on this issue and join #sig-security-web channel on slack
proposed directory structure:
/presentations
I've gotten a transcript for each session that I plan to post and with overview page for each, including a link to github issue, video, transcript, etc.
TODO:
Notes: