Closed molofgarb closed 5 months ago
Name | Link |
---|---|
Latest commit | ca240f883c8e7fd3098dc5b154c997d382c88cac |
Latest deploy log | https://app.netlify.com/sites/tag-security/deploys/65a7fe5dc5b1c70009d61199 |
Hi there, and thanks for your work on this self assessment!
I noticed that you included an SBOM along with the self assessment. There are two reasons that jump to the front of my mind for why this isn't needed...
1. SBOMs should be associated with releases, as the bill of materials is only accurate and useful if it is created at build time and associated to a particular point in the code history.
2. If you need to link to an SBOM for some reason in the self-assessment, you can just provide a link out to the latest build artifacts that contain an SBOM.
We still have plenty more to review, but as a starter— could you please remove the SBOM from this PR?
Hi Eddie, thank you for your feedback! We initially included the SBOM because a section for the SBOM is present in the self-assessment template. Your points are right though and we have removed the SBOM and its section in the self-assessment from our latest force push.
I'm an Antrea maintainer and I just wanted to say thank you for taking the time to work on that!
In our previous push, we have added a table to the "Related Projects and Vendors" section to briefly compare CNI projects.
Thank you for your feedback @ragashreeshekar! We will work on adding your suggested changes and let you know once we have resolved them.
Hi @torinvdb, thank you for your suggestions! We have added your changes to our most recent push.
Created and added first draft for Antrea Project Security Self-Assessment.
We are still finalizing the implementation of feedback from the Antrea maintainers for a couple of sub-sections. The PR will be updated by force-pushes as we finish our revisions.
Please feel free to share your feedback on the security self-assessment!