Open camilamacedo86 opened 9 months ago
@varshaprasad96 @Kavinjsir @everettraven @rashmigottipati
Hi @camilamacedo86, thanks for bringing this to attention. I took a dig at the Cyber Resilience Act and some of the implications it may have. A few thoughts on this:
I also took a look at the shared article and I 100% agree with the breakdown @varshaprasad96 shared. My inclination is that we would be classified as a non-critical project (since we are a dev tool for streamlining the building of software) based on the information provided. I agree with waiting for more guidance from the Kubernetes orgs or CNCF as a whole before making any commitments.
Issue Description:
We need to conduct a thorough analysis of the new Cyber Resilience Act to understand its implications for the Kubebuilder project, particularly in terms of our release process, tooling, and dependencies. We probably need to start to generate the SBOMs. Also, note that today we use GCP to perform the builds and we have a desire to use only GitHub Actions to do so and no longer need to use GCP.
Areas of Focus:
Current Release Process:
goreleaser for automating releases, triggered by pushing a new tag.
Kubebuilder Tools:
kubebuilder-tools, a binary to assist users with envtest.
Kube-RBAC-Proxy:
kube-rbac-proxy.
kubernetes-sig for a long time
Objectives:
Create a Proposal Design Document:
Develop Compliance Strategies:
Call to Action:
We invite contributors to participate in this analysis and help develop a comprehensive strategy for compliance. Your insights and expertise in our current processes, tooling, and dependencies will be invaluable in navigating these new requirements.
Reproducing this issue
No response
KubeBuilder (CLI) Version
master
PROJECT version
No response
Plugin versions
No response
Other versions
No response
Extra Labels
No response