tag-security
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
Hello everybody! I'm one of the maintainers on the SPIFFE/SPIRE projects, and we are currently working on support for Windows. As part of this work, we have ~500 lines of...
Description: As there have been a set of container breakout vulnerabilities in 2022, in a variety of parts of the stack, it's attracting more attention to this part of cloud native...
# Description: ## Background: Application builds (especially cloud-native microservice applications) today are operated as a "black-box". In a typical setting they are built using toolkits like `docker build`, `kaniko` or...
Project Name: Argo Github URL: https://github.com/argoproj https://github.com/cncf/toc/pull/299 (Incubation) https://github.com/cncf/toc/pull/604 (Graduation - in process) Self Assessments: [Argo CD](https://docs.google.com/document/d/152YhKuBiWLWsKS6KcstmVRDSeCextkgH6zIpL7TNymw/edit?usp=sharing) [Argo Rollouts](https://docs.google.com/document/d/1_jUZrw85BLaAcXd9Qw07IOrKB8rOgD30-5rnT-fclKU/edit?usp=sharing) [Argo Workflows](https://docs.google.com/document/d/1tiI_VKg6VzkyBjb33S26lCI_6vb-sehHxcn4CdhEGJA/edit?usp=sharing) [Argo Events](https://docs.google.com/document/d/1s6-wFwXojcOy_ykl3bCqU1nFW8Zq2UQnxxMmXSd-qWc/edit?usp=sharing) Security Provider: No - [x] Identify team...
This curated list of Supply Chain Compromises is awesome, thanks for maintaining it! * https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises I noticed that the Monero wallet's compromised release from 2019-11-18 is not listed in this...
Add process of lead rotation for long projects/work. Motivation: For certain facilitator roles, teams and projects that are ongoing, leadership rotations should be carried out. This is to help: Ensure...
Description: Review [NPM supply chain proposal](https://github.com/npm/rfcs/blob/link-packages-to-source-and-build/accepted/0000-link-packages-to-source-and-build.md) and make recommendations Impact: Review the proposal and ensure that it is in line with CNCF supply chain whitepaper and software factory reference architecture....
Description: There is a lot of overlap in terms of the goals of CNCF TAG-Security and OpenSSF. This results in quite a few overlapping deliverables and member participation. The goal...
Title: Flux Multi-tenancy Speakers: @pjbgf @aryan9600 @hiddeco Description: An overview of Flux support for Multi-tenancy, covering existing and upcoming features, alongside its security-sensitive settings. This is a follow-up from https://github.com/cncf/tag-security/issues/896#issuecomment-1125104744....
Title: [Trousseau](https://github.com/ondat/trousseau) - Kubernetes KMS Provider Plugin Speakers: @romdalf Description: Following the Sandbox Inclusion Meeting feedback, we would like to share with you an overview of why, what, and how...