The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
I'm Rimas Mocevicius, Senior Solutions Engineer on the JFrog Community team.
Recently we have released ChartCenter for Helm chart repositories, which has a nice feature: it performs a vulnerability analysis of all the Helm chart's dependent Docker images.
ChartCenter also gives chart maintainers the ability to provide mitigation notes and an overview of the chart's security status in the UI. A security-mitigation.yaml file was developed so a chart maintainer can tag CVEs and provide notes for chart users.
The security mitigation spec can be found here.
We have already proposed the spec to the Helm community as well, and we think it would be useful to have it in this group too.
JFrog is interested in joining this working group and initiative on security issues!
I have also opened PR #35.