kubernetes-sigs / gateway-api

Repository for the next iteration of composite service (e.g. Ingress) and load balancing APIs.
https://gateway-api.sigs.k8s.io
Apache License 2.0

Enhancement: Secure the release process #2682

Closed hrittikhere closed 4 months ago

hrittikhere commented 9 months ago

Hello, I am Hrittik and I am participating in Security Slam, where the goal is to secure the Kubernetes projects with the help of #eddie-knight. Here you can find more details.

What would you like to be added:

Why this is needed: This will be helpful for having an automatic security position for the project artifacts and long-term health of a project. Eventually, we can work towards a better score on the OpenSSF Scorecard Report and CLOMonitor: https://securityscorecards.dev/viewer/?uri=github.com/kubernetes-sigs/gateway-api

Would love to discuss this with the maintainers and ship these changes if the community feels these are required.

eddie-knight commented 9 months ago

:wave: This task was outlined and proposed by @puerco and SIG Release to be implemented across all subprojects. Please let @hrittikhere know if there is anything he can do to assist with normalizing the release process.

hrittikhere commented 9 months ago

The CLOMonitor is live here: https://clomonitor.io/projects/cncf/gateway-api now

k8s-triage-robot commented 6 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 5 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 4 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 4 months ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes-sigs/gateway-api/issues/2682#issuecomment-2114659241):

>The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
>This bot triages issues according to the following rules:
>- After 90d of inactivity, `lifecycle/stale` is applied
>- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
>- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
>You can:
>- Reopen this issue with `/reopen`
>- Mark this issue as fresh with `/remove-lifecycle rotten`
>- Offer to help out with [Issue Triage][1]
>
>Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
>/close not-planned
>
>[1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.