Closed eddie-knight closed 10 months ago
There is no label identifying the kind of this issue. Please specify it either using /kind <group> or manually from the side menu.
Hi!
In the last few months the Falco community has worked to improve the supply chain security of the project in general, and we have delivered some important work, such as mechanisms to sign and verify (also automatically!) everything we provide (images and artifacts) and container images that are focused on reducing attack surface. You can take a look at our project tracker here: https://github.com/orgs/falcosecurity/projects/7/views/2 and our meeting notes here: https://hackmd.io/FwSPVkdHT0i8T4Q8JdfOaw
We do have open points about provenance attestations, which we have already delivered for a number of repos, and some discussion about SBOMs. Your report highlights interesting points and I think it would be interesting to understand how to focus our efforts for our contributors and community to continue our never-ending security journey :)
cc @cpanato @maxgio92
Hey @LucaGuerra @cpanato @maxgio92 — it sounds like you guys have been doing great work!
Were you able to sign your project up for the security slam using the CNCF community page? That way you'll be on the list for project scoring beginning next week. It may be that you can take credit for maintaining the security hygiene efforts that you've already put in place!
We've been sending out a weekly newsletter during the event, and we also put together a small getting started guide for reference. Please let me know if I can help with anything else!
Hi @eddie-knight, thank you.
As the work we did (and it's still in evolution) spans across different repositories (like https://github.com/falcosecurity/falcoctl, https://github.com/falcosecurity/plugins, https://github.com/falcosecurity/rules), would it make sense to register those ones as well? - besides https://github.com/falcosecurity/falco and https://github.com/falcosecurity/falcosidekick, which are the ones already registered and monitored by CLO.
Moreover, I'm not sure the work we did for plugins and rules with the transparent signature verification in falcoctl can be monitored, as the automatic signature verification is a behaviour embedded in the falcoctl code base.
I didn't notice, among the metrics that will be scored, any that could catch the safeguard that has been implemented. Do you have some guidance to help us make it observable by the CLO?
cc @LucaGuerra @cpanato
This is GREAT @maxgio92.
One of the first things that should be done is make sure CLOMonitor is tracking the right repos, with the right check sets. You can see a note about that in the Slam CLOMonitor guide.
The other questions are reasonable places to be confused, and you're probably not the only one— would you be able to bring this conversation into Slack where there are other CNCF project maintainers and Scorecard+CLOMonitor maintainers available to join the convo?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Is this still in place? If yes, I can take a look in the CLOMonitor and try to fix a few things.
Hey @cpanato! The CLOMonitor is definitely recommended any time you're looking to make improvements, but the event for 2023 is wrapped up and we're already exploring how best to do this again for 2023.
I'll close this particular issue, since the aforementioned event has passed. Hit me up on Slack if there's anything else I can help with!
Hello falco community!
In preparation for this year's Cloud Native Security Slam, we've completed a survey of CNCF end users across multiple industries, including Construction, Cybersecurity, Aerospace & Defense, Game Development & Consumer Services, Consulting, and Nuclear.
Through this survey, end users have identified their interest in seeing security improvements to the projects they use. We've asked them to share which Security Slam goals are most interesting to them— and we've compiled the results in a hope that this will help your prioritization during the upcoming event.
While some users have not authorized us to share their name, we've still included their responses in our calculation for you. We CAN tell you that the falco responses included Epic Games and Infosys.
After calculating the responses according to the interest-weight, we've found these to be the most interesting things that falco end users would like to see, from the five possible Security Slam badges.
More information will be announced in the event kickoff webinar on October 10th, including how to register for cash & swag prizes, details about how success is measured, and resources to help achieve each of the badge goals.
If you can't make it to the webinar, a recording will be made available within 24hrs. It will be sent out to the community newsletter with any essential details you may have missed.
Join the community & sign up for the webinar here: https://community.cncf.io/cloud-native-security-slam/
A quick look at the 2023 Event Badges
The Chronicler
Ensure that security documentation has properly formatted data relating to software supply chain security decisions, including instructions for end users seeking to validate provenance artifacts.
The Inspector
Ensure that a security self-assessment has been completed according to TAG-Security documented standards.
The Cleaner
Bring all CLOMonitor non-security scores to 100% for the project, indirectly increasing overall supply chain security (Best Practices, Documentation, License, Legal).
The Defender
Ensure each project repo is accounted for within CLOMonitor; Ensure proper check set is assigned to each project repo; Bring security score to 100% for the project (This statistically decreases the future likelihood of vulnerabilities).
The Mechanizer
Ensure that every release has an automated mechanism to supply SBOM and provenance artifacts.