defenseunicorns / uds-marketplace

Apache License 2.0

Add detailed metadata for marketplace apps #117

Closed marshall007 closed 1 week ago

marshall007 commented 4 weeks ago

Fields that need to be incorporated and their possible values:

app_name: "App Name"
vendor: "Vendor Name"
Vendor URL: "URL"
icon:
  description: "Cartoon cat with rocket hat"
product_overview: |
  This is where the paragraphs of product overview information will go.
  You can include multiple lines of text here, describing the product in detail.
  The vertical bar '|' allows for multi-line text input in YAML.
contracting_details:
  contracting_number: "string"
  contracting_vehicle:
    - "GSA Schedule"
    - "SIBR III"
    - "Tradewinds"
  pricing_model:
    - "FOSS"
    - "SaaS"
    - "Per Instance"
    - "Per User"
  small_business_status:
    - "Small Business"
    - "Small Disadvantaged Businesses"
    - "Veteran-Owned Small Business"
    - "Service-Disabled Veteran-Owned Small Businesses"
    - "Woman-Owned Small Business"
    - "HUBZone"
    - "8(a) Small Businesses"
  delivery_timeline: "2 weeks*"
  business_category:
    - "ai/ml"
    - "arcade"
    - "business"
    - "database"
    - "kubernetes"
    - "networking"
    - "productivity"
    - "security"
    - "web"
authorization_details:
  authority_to_operate: boolean
  fedramp:
    - "In Progress"
    - "Authorized"
    - "N/A"
  fips_compliant_image: boolean
  nist_800_53:
    - "Available"
    - "N/A"
  cve_report: boolean
  sbom: boolean
technical_details:
  infrastructure:
    - "AWS"
    - "Azure"
    - "On-prem"
    - "Airgapped"
  architecture:
    - "arm-64"
    - "amd-64"
  k8s_distros:
    - "RKE2"
    - "EKS"
    - "K3s"
resources:
  - "Application Docs"
  - "Helm Chart"
  - "Product Website"
  - "Reference Architecture"

Some open questions:

  1. What does technical_details.infrastructure/k8s_distros imply in the short term for MVC? We do not currently test against all distros/cloud providers, so what do we say for current packages?
  2. Should we have fedramp and authority_to_operate fields? What does this mean for zarf packages? (FedRAMP is a process for SaaS platforms, ATO is not something we can directly provide)
  3. What is delivery timeline? @austenbryan mentioned that it "should evolve into 'test against infrastructures'", but per (1) what does this mean for MVC?

marshall007 commented 4 weeks ago

@austenbryan: Authorization - remove fedRAMP and add SBOM but like the other fields

@Madeline-UX So adding whether or not an app has been through FedRAMP was requested by the contracting officer. In the interview with Cody Paul I asked if knowing an app was even going through the FedRAMP process would help drive a buy decision and he said yes.

@Madeline-UX FedRAMP is only relevant to SaaS services. We cannot say a package "is FedRAMP compliant". I will remove for now but feel free to continue discussion.

austenbryan commented 4 weeks ago

I think it is worth a synchronous convo this week on metadata. We need to decide

This will drive the roadmap for future releases. I will schedule time Friday

Madeline-UX commented 3 weeks ago

Updated metadata design based on all the convos we had this week.


app_name: "App Name"
vendor: "Vendor Name"
Vendor URL: "URL"
icon:
  description: "Cartoon cat with rocket hat"
product_overview: |
  This is where the paragraphs of product overview information will go.
  You can include multiple lines of text here, describing the product in detail.
  The vertical bar '|' allows for multi-line text input in YAML.
contracting_details:
  contracting_vehicle: "available"
  pricing_model:

resources: