search

cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io
Other
2.02k stars 505 forks source link

Micro-site: categorize and highlight presentations w/ better index #110

Closed ultrasaurus closed 1 year ago

ultrasaurus commented 5 years ago

Description: we want to surface the work that the group has done over the past 1.5 years and create a maintainable structure, so as we add more to the repo, parts of it will naturally update on the web also -- basically, more accessible content with some friendly pointers to the repo. We want to start small and iterate, so we thought starting with the presentation would be useful to people and relatively easy to put together. Other content (home page about) could be taken from readme, potentially refactoring parts into separate docs, if needed, to not have content replicated in multiple places. This isn't a site about the SIG, it's a site about cloud native security (knowledge sharing by SIG-Security).

Impact: Make the work of the group more accessible to a larger audience. Initial target audience is people who are already fairly knowledgable about cloud or about security (e.g. new group members), later expanding as the group creates more resources.

Scope: Initial version should take a few hours to 1 day of work to make the site... once we have all ther prerequisites figure out and a plan with review checkpoints, it could get done 3-4 weeks of calendar time for iterations and discussion to figure out exactly how to set up the files so that they are both easy to maintain and readable, allowing for at least a week in the middle for review/feedback from the wider group.

We have a lot of great source material about security use cases as well as from presentations from specific open source projects that provide solutions in this space

If you are interested in getting involved, pls comment on this issue and join #sig-security-web channel on slack

proposed directory structure:

/presentations

I've gotten a transcript for each session that I plan to post and with overview page for each, including a link to github issue, video, transcript, etc.

TODO:

Notes:

ultrasaurus commented 5 years ago

I'm thinking we should consider a static site generator like Hugo -- then we can keep meta-data in machine readable front-matter (though we could publish markdown as interim step, since I read that github now displays yaml front-matter)

ultrasaurus commented 5 years ago

here are some ideas of data representations for the presentations: https://github.com/ultrasaurus/safe/tree/presentation-page-format/presentations

izgeri commented 5 years ago

I like the idea of having a directory structure that is indicative of the type of meeting transcripts that are included in that dir. Maybe each dir could have its own README with an index of the file inside? Or we could use a static site generator.

mhausenblas commented 5 years ago

@ultrasaurus count me in. I've done a couple of sites with GitHub/Hugo combo already, the main question is where to host it. I usually use Amplify but I acknowledged the fact that Netlify is more popular (and arguably I'm biased re the former ;)

pbnj commented 5 years ago

Have we determined if this micro-site going to live as a subdomain on cncf.io or on its own domain?

ultrasaurus commented 5 years ago

@petermbenjamin added to TODO list -- need to follow-up with Amye to get an intro to the CNCF person who can answer whether there are any preferences on their side for URLs or visual styling.

I did nab cloud-native-security.info a while ago (before we started the CNCF WG / SIG process) and happy to donate that if people like it and we want / need our own domain. Though I do like security.cncf.io which seems more concise and readable.

mhausenblas commented 5 years ago

@ultrasaurus would you mind stating if you take care of it or want me to do it?

ultrasaurus commented 5 years ago

@mhausenblas will kick off an email thread to find the right person to coordinate with and cc you. It would be great if you could track that thread and update here as we learn answers

caniszczyk commented 5 years ago

hey @lucperkins from the CNCF can sketch out a simple hugo+netlify site

we can do something like sig-security.cncf.io

mhausenblas commented 5 years ago

Thanks, @ultrasaurus … yo @lucperkins can we sync regarding the micro-site, this week, please? My current understanding is that you'd be looking after infra (Hugo, hosting, etc.) and I more after the content? I suppose a quick (20min) meeting to resolve it would be ideal?

lucperkins commented 5 years ago

Status update: I'm working on something that's publicly available at https://sig-security.netlify.com. I'm building that from my personal fork of this repo: https://github.com/lucperkins/sig-security/tree/lperkins/website. It's definitely a WIP but I think a decent skeleton for iteration.

If it would be beneficial, I can submit a PR and we can discuss/collaborate there.

mhausenblas commented 5 years ago

@lucperkins: today @ultrasaurus and I sat together and developed a battle plan. Here's what we decided:

We can discuss details or open questions on the sig-security-web channel.

lucperkins commented 5 years ago

@mhausenblas I've updated the site in progress with the desired front page content as well as a search bar: https://sig-security.netlify.com/.

I've left the previous documents in place largely to demonstrate the search functionality. They'll be removed later.

mhausenblas commented 5 years ago

Awesome, thank you @lucperkins!

mhausenblas commented 4 years ago

Sorry for the long silence. Week after next (re:Invent) I'm back on track and wanted to see where we are with this issue and where/how I can contribute @ultrasaurus

chasemp commented 3 years ago

interested :)

TheFoxAtWork commented 3 years ago

@vinayvenkat tagging you here for awareness/interest

we'll need to define an editorial team to curate content, field content. this applies to the microblog #451 issue as well - at least to get started.

@pragashj mentioned a potential subdomain upcoming? security.cncf.io ? need POC to confirm and help figure this out.

apmarshall commented 3 years ago

Happy to help with this.

chasemp commented 3 years ago

Yep, seems like a great idea for discoverability and lots of stated points.

lumjjb commented 3 years ago

I would like to see if we can create some alignment with the work around #551 , I think there could be possibly be a part of the same site as the CNSmap, https://cnsmap.vercel.app/

So maybe we could have Cloud Native Security Map be one section and have "Presentations" or other subsections in which everyone can contribute to. The current templating we have for the CNSmap is based on markdown, so technically we could work it in a way to reflect content of the repo well.

lumjjb commented 3 years ago

Updating the issue comment for freshness of issue state

stale[bot] commented 3 years ago

This issue has been automatically marked as inactive because it has not had recent activity.

lumjjb commented 2 years ago

The plan is to have the CNSMap site evolve to become the microsite. The next usecase to expand on would be the Cloud native security lexicon #735 .

stale[bot] commented 2 years ago

This issue has been automatically marked as inactive because it has not had recent activity.

PushkarJ commented 2 years ago

K8s SIGs have something similar as a service for sub-projects: https://github.com/kubernetes/community/blob/master/github-management/subproject-site-requests.md

IAXES commented 2 years ago

Following up on a discussion w/ @lumjjb on this ticket: I've helped a few friends + colleagues use ReadTheDocs/sphinx/rST for sites. Works quite nicely for developer-driven documents, easy to setup a build + publish pipeline in Concourse and/or GitHub Actions. Also supports citations, cross-referencing, "code as documentation", etc.

Examples:

I'd be able to throw together a demo pretty quickly, if there's interest.

ultrasaurus commented 2 years ago

There were plenty of people willing to do the technical work, include CNCF staff who are available to help. What this project has always lacked is someone who is willing to curate content and, as needed, write/edit overview text for sections of the site.

vicenteherrera commented 2 years ago

I'll help you, will build a first alpha prototype that we can use to discuss the information, content and appearance. ;-)

ragashreeshekar commented 2 years ago

@ultrasaurus I can help on the curation. Here is a first draft of the content that I think we can cover @vicenteherrera that's some good work already, thanks. Please let me know your thoughts as well, and how we could articulate this in the site you are building. `

Who we are

What we've done

How do we do this

STAG charter outlines the scope of our group activities, as part of our governance process which details how we work.

Top 5 things we are working on

How to get involved

Related issues

Potentially related issues

vicenteherrera commented 2 years ago

Thanks for the proposed structure, I'll try to incorporate that to my test!

I've been preparing a test website, you can see it at: https://vicenteherrera.com/stag-web/ Code lives at the repo here: https://github.com/vicenteherrera/stag-web

Some interesting characteristics about it for this group:

I plan to work putting @ragashreeshekar shared content into this test, and when it's more mature, we can discuss the best way to really publish it and manage it.

ultrasaurus commented 2 years ago

this is great to see! Thought I would chime in with some historical notes, in case it's helpful..

When we were looking at this long ago, we were thinking of having it be a view of the main repo (with slight changes to structure if needed), so that new content would also appear in the repo itself. It has been a long time since I used Jekyll, but I think most static site generators have flexibility to pull templates from a sub-directory and markdown content from multiple directories. Just a thought. Happy to talk sometime 1-1 or small group if helpful (just reach out on Slack)

ragashreeshekar commented 2 years ago

@ultrasaurus Thanks, @vicenteherrera, and I will surely get connected to you. Hope the initial approach is ok, and we will reach out with some progress. Pls let us know your thoughts

vicenteherrera commented 2 years ago

@ultrasaurus You are right. There are several options for a GitHub page: root folder, specific folder, different branch, and of course, different repository. I believe same repository and using a specific directory (like "website") may be the better approach. That way you have the website content version linked to the rest of the content of the repository very easily, and the same review process to accept a PR should be in place. In my case, right now I just want to build a proof of concept, where I can experiment without tainting the original repo with branches, and a lot of false start commits. Right now I've tested already three different themes (from which I forked their own repositories), and I think I will transition from having all the files of the theme in the repo, to just reference it for a cleaner directory, so people that doesn't know Jekyll a lot don't have to filter those out to get to the relevant ones. But I think this theme is useful for us, and with @ragashreeshekar proposed structure it won't take long until we have a POC that we can use to discuss the final content and move to the main repository.

stale[bot] commented 1 year ago

This issue has been automatically marked as inactive because it has not had recent activity.

ragashreeshekar commented 1 year ago

@ultrasaurus I can help on the curation. Here is a first draft of the content that I think we can cover @vicenteherrera that's some good work already, thanks. Please let me know your thoughts as well, and how we could articulate this in the site you are building. `

Who we are

What we've done

How do we do this

STAG charter outlines the scope of our group activities, as part of our governance process which details how we work.

Top 5 things we are working on

How to get involved

Related issues

Potentially related issues

@vicenteherrera, please share if there is any update.

Some of the planned content is now available within the TAG repository:

  1. Who we are, what do we do, and how do we do them? - https://github.com/cncf/tag-security/#readme
  2. Published whitepapers, reference architecture and resources are available at https://github.com/cncf/tag-security/blob/main/PUBLICATIONS.md
  3. Resources for projects - https://github.com/cncf/tag-security/tree/main/project-resources
stale[bot] commented 1 year ago

This issue has been automatically marked as inactive because it has not had recent activity.

anvega commented 1 year ago

Closing now that we have https://tag-security.cncf.io/. To further the discussion on refinement and maintenance of the site, feel free to file issues against the site repository directly.