cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

CoreDNS Project Security Self-Assessment - Security Pals #1189

Closed TomY-Zhang closed 8 months ago

TomY-Zhang commented 9 months ago

Created and added first draft for CoreDNS Project Security Self-Assessment. Please feel free to share your feedback on the security self-assessment.

netlify[bot] commented 9 months ago

Deploy Preview for tag-security ready!

Latest commit: 9043b2bc3576c20a0b8e615b6de8345768ecdd9f
Latest deploy log: https://app.netlify.com/sites/tag-security/deploys/65b16004b60ce100080f7105
Deploy Preview: https://deploy-preview-1189--tag-security.netlify.app

eddie-knight commented 9 months ago

Hi there, and thanks for your work on this self assessment!

I noticed that you included an SBOM along with the self assessment. There are two reasons that jump to the front of my mind for why this isn't needed...

  1. SBOMs should be associated with releases, as the bill of materials is only accurate and useful if it is created at build time and associated with a particular point in the code history.
  2. If you need to link to an SBOM for some reason in the self-assessment, you can just provide a link out to the latest build artifacts that contain an SBOM.

We still have plenty more to review, but as a starter— could you please remove the SBOM from this PR?
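The build-time, release-attached SBOM described in the comment above, as an added example (not a CoreDNS or TAG Security file, and not code from this PR). It assumes a hypothetical GitHub Actions workflow `.github/workflows/release-sbom.yml` in the CoreDNS repository, that `go build -o coredns .` produces the release binary, and that the tag name of the published release is the version string to record; in real use the action references would be pinned to commit SHAs rather than floating tags.

```yaml
# Hypothetical .github/workflows/release-sbom.yml (added example, not a
# CoreDNS or TAG Security file). Runs when a release is published, checks
# out the exact commit the release tag points at, builds the binary, and
# generates CycloneDX SBOMs for both the source tree and the built binary.
# anchore/sbom-action uploads them as assets of that release, so each SBOM
# is tied to one point in the code history instead of living in a docs PR.
name: release-sbom

on:
  release:
    types: [published]

permissions:
  contents: write   # required to attach assets to the release

jobs:
  sbom:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Build from the tagged commit, never from the default branch head,
          # otherwise the SBOM describes code that is not in the release.
          ref: ${{ github.event.release.tag_name }}

      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      - name: Build the release binary
        # Assumption: the module's main package is at the repository root.
        run: go build -o coredns .

      - name: SBOM of the source tree (declared dependencies)
        uses: anchore/sbom-action@v0
        with:
          path: .
          format: cyclonedx-json
          output-file: coredns-${{ github.event.release.tag_name }}-source.cdx.json
          artifact-name: coredns-source-sbom
          upload-release-assets: true

      - name: SBOM of the built binary (modules actually linked in)
        uses: anchore/sbom-action@v0
        with:
          file: ./coredns
          format: cyclonedx-json
          output-file: coredns-${{ github.event.release.tag_name }}-binary.cdx.json
          artifact-name: coredns-binary-sbom
          upload-release-assets: true
```

Producing two SBOMs is deliberate: the source scan lists what go.mod declares, while the binary scan (from the Go build info embedded in the executable) lists only the modules actually linked into the shipped artifact, which is what a consumer matching advisories against a deployed CoreDNS needs. A self-assessment can then simply link to the release page where these assets live, which is what the reviewer suggests in point 2.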

TomY-Zhang commented 9 months ago

Hi @eddie-knight,

I removed the SBOM from the self-assessment. We do need an SBOM, but unfortunately, there isn't any SBOM released with each release of the project.

rsc1102 commented 9 months ago

Hi @ragashreeshekar, Thank you for your suggestions. We have made the necessary changes. Please review our self-assessment so that we can finalize the document.

TomY-Zhang commented 9 months ago

Hi @eddie-knight ,

I have modified the assessment in accordance with your suggestions.

rsc1102 commented 8 months ago

@torinvdb @ragashreeshekar the suggestions have been committed.

JustinCappos commented 8 months ago

@ragashreeshekar Can you update your review please?