cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

CNI Project Security Self-Assessment - Security Pals #1197

Closed jasonliny closed 8 months ago

jasonliny commented 9 months ago

Created and added first draft for CNI Project Security Self-Assessment. Please feel free to share your feedback on the security self-assessment!

netlify[bot] commented 9 months ago

Deploy Preview for tag-security canceled.

Latest commit: 8c042dfd7bb145399c2d99c6e2dc324ef81e4568
Latest deploy log: https://app.netlify.com/sites/tag-security/deploys/65a96c0bfbc06c0008d7c02d

jasonliny commented 9 months ago

Thank you for the initial feedback. I have removed the SBOM for the time being since CNI doesn't generate one at the moment and I believe I have removed any preexisting template text.

jasonliny commented 9 months ago

I removed the recommendations, added the authors near the top, and clarified that the self-assessment was made for the CNI project as opposed to being created by the CNI team. Thanks for the additional feedback. Please feel free to let me know if there are any issues with the changes or with other parts of the document.

jasonliny commented 9 months ago

I have made the corrections to the first sentence in the Overview and in the Background section, added a sentence expanding on how a library is provided for integrating CNI into products and that the team maintains some reference plugins.