A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!
Hello,
We are considering using the project inside our company. However, our Security Team asked us to do a review on the project security, using scorecards like https://scorecard.dev/viewer/?uri=github.com/stakater/Reloader and https://deps.dev/go/github.com%2Fstakater%2FReloader
The following seems to be missing:
No SAST in the CI/CD (using govulncheck or other tools)
No signed releases
What do you think about implementing at least the first two mentioned points? It would ease the adoption, especially for companies now taking an interest in supply chain security.
Thanks a lot!