cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://cncf.io/projects

Cortex Project Security Self-Assessment - Security Pals #1188

Closed heydc7 closed 5 months ago

heydc7 commented 6 months ago

Created and added the first draft of the Cortex Project Security Self-Assessment. Please feel free to share your thoughts on the security self-assessment.

Contributors: Dhanraj Chavan, Raiya Haque, Abdul Alhazmi, Sushanth Ravipalli

netlify[bot] commented 6 months ago

Deploy Preview for tag-security canceled.

Latest commit: 9042939f823b5eb1f510122a0b900ae0ce2b0c19
Latest deploy log: https://app.netlify.com/sites/tag-security/deploys/65b2af8101c83b00086e3624
eddie-knight commented 6 months ago

Hi there! I'm just getting started looking at your pull request, and I noticed the DCO check is failing.

You can look at the checks section of the PR (I believe it should always be below the last comment) and look for a red X highlighting the failed check. In this case, you can click Details for more information about how to get that check passing.

eddie-knight commented 6 months ago

I noticed that you included an SBOM along with the self assessment. There are two reasons that jump to the front of my mind for why this isn't needed...

  1. SBOMs should be associated with releases, as the bill of materials is only accurate and useful if it is created at build time and associated to a particular point in the code history.
  2. If you need to link to an SBOM for some reason in the self-assessment, you can just provide a link out to the latest build artifacts that contain an SBOM.

We still have plenty more to review, but as a starter— could you please remove the SBOM from this PR?

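The review point above, that an SBOM is only meaningful when it is produced at build time and tied to one point in the code history, is usually implemented as a release-triggered CI job rather than a file committed to the repository. The workflow below is an added illustration of that pattern, not code from the tag-security repository or the Cortex project: it checks out the exact tagged commit, builds, generates an SPDX SBOM from the built tree, and attaches it to the GitHub release so the artifact is bound to the tag and commit. The build command (`make build`) is a placeholder, and the `anchore/sbom-action` inputs shown are as the author recalls them; check the action's README for the current input names before relying on it.

```yaml
# Added example: generate an SBOM at release-build time and attach it to the release.
# Assumptions: GitHub Actions, a Makefile with a `build` target, anchore/sbom-action inputs as named below.
name: release-sbom

on:
  release:
    types: [published]

permissions:
  contents: write   # required to upload assets to the release

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the tagged commit
        uses: actions/checkout@v4
        with:
          # github.sha on a release event is the commit the tag points at,
          # so the SBOM describes exactly the released tree.
          ref: ${{ github.sha }}

      - name: Build the release artifacts
        run: make build   # placeholder build step

      - name: Generate SPDX SBOM from the built tree
        uses: anchore/sbom-action@v0
        with:
          path: .
          format: spdx-json
          # Name encodes the tag so the file cannot be confused with another release's SBOM.
          output-file: sbom-${{ github.event.release.tag_name }}.spdx.json
          upload-artifact: false
          # Attach the SBOM to the GitHub release that triggered this run.
          upload-release-assets: true
```

With this in place, a self-assessment only needs to link to the project's release page, where each version's SBOM sits beside the binaries it describes; regenerating it on every release keeps it current without any SBOM file living in version control.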
heydc7 commented 6 months ago

Sure, I'll remove the SBOM from this assessment. I have fixed the DCO check.

heydc7 commented 6 months ago

Done. Removed SBOM ✅

heydc7 commented 6 months ago

Ok, we will do it.

heydc7 commented 6 months ago

Done ✅

heydc7 commented 6 months ago

PR Branch updated

heydc7 commented 6 months ago

All changes are done ✅