Closed marshall007 closed 1 week ago
@austenbryan: Authorization - remove fedRAMP and add SBOM but like the other fields
@Madeline-UX So adding weather or not an app has been through FedRAMP was requested by the contracting officer. In the interview with Cody Paul i asked if knowing an app was even going through the fedramp process would help drive a buy decision and he said yes.
@Madeline-UX FedRAMP is only relevant to SaaS services. We cannot say a package "is FedRAMP compliant". I will remove for now but feel free to continue discussion.
I think it is worth a synchronous convo this week on meta data. We need to decide
This will drive the roadmap for future releases. I will schedule time Friday
Updated metadata design based on all the convos we had this week.
app_name: "App Name" vendor: "Vendor Name" Vendor URL: "URL" icon: description: "Cartoon cat with rocket hat" product_overview: | This is where the paragraphs of product overview information will go. You can include multiple lines of text here, describing the product in detail. The vertical bar '|' allows for multi-line text input in YAML. contracting_details: contracting_vehicle: "available" pricing_model:
resources:
Fields that need to be incorporated and their possible values:
Some open questions:
technical_details.infrastructure/k8s_distros
imply in the short term for MVC? We do not currently test against all distros/cloud providers, so what do we say for current packages?fedramp
andauthority_to_operate
fields? What does this mean for zarf packages? (FedRAMP is a process for SaaS platforms, ATO is not something we can directly provide)