cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

CNCF Self Assessment: Rook #1172

Closed dhauss closed 5 months ago

dhauss commented 6 months ago

First draft of Rook Project Security Self-Assessment

netlify[bot] commented 6 months ago

Deploy Preview for tag-security canceled.

| Name | Link |
| --- | --- |
| Latest commit | 441ed0e97f7cbf4a3d426d5d6af33aa0cbc5d3ea |
| Latest deploy log | https://app.netlify.com/sites/tag-security/deploys/65a9781809db0e0008793ca3 |

eddie-knight commented 6 months ago

Hi there, thanks for the work you did on this self-assessment!

I'm just now cracking this open for review, and the first thing I noticed is that you included a dependency update for the website. Since Pull Requests should always be single purpose, it'll be best to have a standalone pull request that is focused on updating dependencies and validating those changes.

We still have a lot to review on this self-assessment, but could you remove the changes to website/ as a first step?

dhauss commented 6 months ago

Hey @ragashreeshekar and @eddie-knight, just double checking to see if there's anything pending I missed here? Also, should I update the branch, or will that just bring back the unwanted changes to the website folder? Thank you!

eddie-knight commented 6 months ago

If there are no conflicts identified by GitHub and the directory structure is unchanged, the branch rarely needs to be brought fully up to date.

I don't see anything offhand, but I'm replying from mobile currently. I believe this meets the criteria for moving on to the maintainer review process.