kubernetes / committee-security-response

Kubernetes Security Process and Security Committee docs
Apache License 2.0

Document incident command process for non-SRC members #140

Closed tallclair closed 2 years ago

tallclair commented 2 years ago

I'd like to create & document an incident response process that we can delegate better. This should include specific steps to follow, action items, timelines, etc. Ideally it could be handed off to non-SRC members who have never been involved in a Kubernetes security response before, and they'd be able to follow the instructions to lead a security response.

Considerations for non-SRC incident responders:

tallclair commented 2 years ago

This would also be useful to SRC members, and should include checklists & timelines for response.

PushkarJ commented 2 years ago

@tallclair I would be happy to help out on this from the lens of how sub-project maintainers may need to lead a security response for their projects. Will connect with you on slack to find some common time to discuss more.

PushkarJ commented 2 years ago

Also, there is an opportunity to reuse some ideas / template from here: https://github.com/cncf/tag-security/blob/main/project-resources/templates/incident-response.md

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 2 years ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

k8s-ci-robot commented 2 years ago

@k8s-triage-robot: Closing this issue.

In response to [this](https://github.com/kubernetes/committee-security-response/issues/140#issuecomment-1186639178):

> The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
> This bot triages issues and PRs according to the following rules:
> - After 90d of inactivity, `lifecycle/stale` is applied
> - After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
> - After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
> You can:
> - Reopen this issue or PR with `/reopen`
> - Mark this issue or PR as fresh with `/remove-lifecycle rotten`
> - Offer to help out with [Issue Triage][1]
>
> Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
> /close
>
> [1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.