(GA) Make cyberark-secrets-provider-for-k8s as public repo

[nessiLahav]

DO NOT MERGE

requirements for making repos public: https://github.com/conjurinc/docs/blob/master/reference/open_source/public_repos.md

[sigalsax]

To make a repo public we need to follow the following:

• [x] Notify both Geri + Brian and request to make repo public
• [ ] Post in ConjurHQ Slack in #about-oss (before doing so see below**)

** !!! Have the following ready before posting in channel

• [x] A license (Apache 2.0 for demos and client libraries) (Oren says this is done)
• [x] A README must be provided
  • [x] Contain description of the project and its intended use
  • [x] Has project description and URL has been set (otherwise should be https://www.conjur.org) (awaiting Geri)
  • [x] Link back to entry-point page for OSS (https://github.com/cyberark/) so contributors can link back to OSS community to see what other projects we offer
  • [x] Indicate which versions of our software and tools our project supports based on our testings (awaiting Inbal)
  • [x] Release checklist must be reviewed to ensure we have met the requirements for each release and this should be described in the README (awaiting Geri)
  • [x] README should include release state (awaiting Geri)
    • NOTE: what are the known limitations of our project? are there known bugs?
  • [x] It must be decided who will maintain the repo (and have a list of others to cover them if on vacation/leave) (awaiting Geri for info on how to add maintainers to repo)
    • Maintainers watch for damaging PRs or issues
    • Maintainers will receive alerts from GH on discovered vulnerabilities from 3rd party libraries that are in repo.
    • NOTE: I have added us as maintainers for the project but believe we need to talk to Geri about setting us up as maintainers for the repo
• [x] A CONTRIBUTING.md should be included. Suggestion: I would mimic secretless’s format https://github.com/cyberark/secretless-broker/blob/latest/CONTRIBUTING.md
  • [x] How to contribute? (get env up and running, building, testing)
  • [x] What is the workflow?
  • [x] Style guide?
  • [x] Should include links to CLA documents for contributors to sign before contributing
• [x] The repo must be scanned with gitleaks or git-secrets
  • Gitleaks script: https://github.com/cyberark/secretless-broker/blob/master/.gitleaks.toml
  • [x] A full history scan should be run to check that there are no credentials previously pushed in the history. Command: gitleaks --repo-path . --config .gitleaks.toml
• [x] The project must be reviewed to ensure we don’t write any sensitive data to logs or anywhere else (Kumbi?)
• [x] Full security review has been done on this project
• [x] Has been reviewed by a technical writer

[sigalsax]

Open questions:

1. This project needs a URL. Is the URL just the GH URL?
2. How to add maintainers to project to get GH updates regarding 3rd party vulnerabilities?
3. Do we need an acknowledgement page? @InbalZilberman
4. What versions of Conjur does this project support? Kubernetes? K8s secrets? @InbalZilberman
5. For GA, we need to meet these requirements. Have we had an official security review by @shaharglazner? @InbalZilberman

[sigalsax]

@hughsaunders noted:

pre-push scan only checks commits that have changed, when preparing to open source a repo, a full history scan should be run to check there are no credentials buried in the history command: gitleaks --repo-path . --config .gitleaks.toml

Adding this check to the list of requirements above