ossf / wg-vulnerability-disclosures

The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
https://openssf.org
Apache License 2.0

Introduction - Rimas Mocevicius (JFrog) #36

Closed rimusz closed 4 years ago

rimusz commented 4 years ago

Hi there!

I'm Rimas Mocevicius, Senior Solutions Engineer at JFrog Community team.

Recently we have released ChartCenter for Helm charts repositories, which has a nice feature: it performs a vulnerability analysis of all the Helm chart’s dependent Docker images. ChartCenter also provides chart maintainers the ability to provide mitigation notes and an overview of the status of the chart security on the UI. A security-mitigation.yaml file was developed so a chart maintainer can tag CVEs and provide notes for chart users.

The security mitigation spec can be found here. We have already proposed the spec to the Helm community as well, and we think it would be useful to have it in this group too.

JFrog is interested in joining this working group and initiative on security issues! I have also opened PR #35

Thank you

MarcinHoppe commented 4 years ago

@rimusz welcome to the WG!

MarcinHoppe commented 4 years ago

#35 has been merged, closing this issue.