tag-security
Micro-site: categorize and highlight presentations w/ better index
Description: we want to surface the work that the group has done over the past 1.5 years and create a maintainable structure, so as we add more to the repo, parts of it will naturally update on the web also -- basically, more accessible content with some friendly pointers to the repo. We want to start small and iterate, so we thought starting with the presentation would be useful to people and relatively easy to put together. Other content (home page about) could be taken from readme, potentially refactoring parts into separate docs, if needed, to not have content replicated in multiple places. This isn't a site about the SIG, it's a site about cloud native security (knowledge sharing by SIG-Security).
Impact: Make the work of the group more accessible to a larger audience. Initial target audience is people who are already fairly knowledgeable about cloud or about security (e.g. new group members), later expanding as the group creates more resources.
Scope: Initial version should take a few hours to 1 day of work to make the site... once we have all the prerequisites figured out and a plan with review checkpoints, it could get done in 3-4 weeks of calendar time for iterations and discussion to figure out exactly how to set up the files so that they are both easy to maintain and readable, allowing for at least a week in the middle for review/feedback from the wider group.
We have a lot of great source material about security use cases as well as from presentations from specific open source projects that provide solutions in this space
If you are interested in getting involved, pls comment on this issue and join #sig-security-web channel on slack
proposed directory structure:
/presentations
- /use-case
- /security-provider
I've gotten a transcript for each session that I plan to post, with an overview page for each, including a link to the github issue, video, transcript, etc.
- Project lead:
- SIG Chair: @ultrasaurus
TODO:
- [ ] post raw info from presentations: https://github.com/cn-security/safe/issues?q=label%3Ausecase-presentation+is%3Aclosed (@taylorwaggoner), tracking sheet
- [X] videos on YouTube - playlist
- [ ] get transcripts
- [ ] figure out format for the pages (see notes below)
- [ ] make a markdown page for each presentation with an index
- [ ] pick a hugo template
- [ ] find out from CNCF
- [ ] are there any color / visual style guidelines?
- [ ] at what domain will this live?
- [ ] approval process? (plan to share with SIG, approval by majority of co-chairs, and Joe/Liz -- though need to determine some checkpoints so a big group isn't approving every PR)
Notes:
- idea for /transcripts folder https://github.com/cn-security/safe/pull/114
- ideas on structured meta data: https://github.com/ultrasaurus/safe/tree/presentation-page-format/presentations
I'm thinking we should consider a static site generator like Hugo -- then we can keep meta-data in machine readable front-matter (though we could publish markdown as interim step, since I read that github now displays yaml front-matter)
here are some ideas of data representations for the presentations: https://github.com/ultrasaurus/safe/tree/presentation-page-format/presentations
I like the idea of having a directory structure that is indicative of the type of meeting transcripts that are included in that dir. Maybe each dir could have its own README with an index of the file inside? Or we could use a static site generator.
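The two ideas above (machine-readable front-matter on each presentation page, and a per-directory README index) can be combined in a small build step. The following is an added example, not code from the tag-security repo or from any commenter: it parses a simple YAML-style front-matter block from each markdown file and renders a grouped, newest-first index. The field names (title, date, category, video, transcript, tags) and the sample pages are assumptions constructed for illustration.

```python
"""Build a README-style index from the YAML front-matter of presentation pages.

Added example, not code from the tag-security repo. It assumes each presentation
is a markdown file whose front-matter carries title, date and category
(use-case or security-provider), plus optional video/transcript/tags fields.
Those field names are an assumption for illustration, not a repo convention.
"""
import re
from collections import defaultdict

# Constructed sample pages keyed by path under presentations/ (not real repo content).
SAMPLE_PAGES = {
    "presentations/use-case/example-one.md": """---
title: Example Use Case Talk
date: 2019-05-01
category: use-case
video: https://example.invalid/video1
transcript: transcripts/example-one.md
tags: [runtime, policy]
---
Body text of the page.
""",
    "presentations/use-case/example-two.md": """---
title: Second Use Case Talk
date: 2019-08-15
category: use-case
video: https://example.invalid/video2
---
Another body.
""",
    "presentations/security-provider/provider-one.md": """---
title: Example Provider Talk
date: 2019-06-20
category: security-provider
transcript: transcripts/provider-one.md
---
Provider body.
""",
}

# Front-matter is the block between the opening and closing '---' lines at the top of the file.
FRONT_MATTER_RE = re.compile(r"\A---\n(.*?)\n---\n?", re.DOTALL)

REQUIRED = ("title", "date", "category")


def parse_front_matter(text):
    """Parse a flat key: value front-matter block ([a, b] lists supported, no nesting).

    Returns (metadata dict, body). Raises ValueError when the block is missing or
    malformed, so a page without metadata fails the build instead of silently
    dropping out of the index.
    """
    m = FRONT_MATTER_RE.match(text)
    if not m:
        raise ValueError("missing front-matter block")
    meta = {}
    for line in m.group(1).splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition(":")  # split on the first colon only, so URLs survive
        if not sep:
            raise ValueError(f"malformed front-matter line: {line!r}")
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            value = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        meta[key.strip()] = value
    return meta, text[m.end():]


def build_index(pages):
    """Return a markdown index grouped by category, newest first, linking each page."""
    groups = defaultdict(list)
    for path, text in pages.items():
        meta, _ = parse_front_matter(text)
        missing = [k for k in REQUIRED if k not in meta]
        if missing:
            raise ValueError(f"{path}: missing front-matter keys {missing}")
        groups[meta["category"]].append((path, meta))

    lines = ["# Presentations", ""]
    for category in sorted(groups):
        lines.append(f"## {category}")
        lines.append("")
        # ISO dates sort correctly as strings; reverse gives newest first.
        for path, meta in sorted(groups[category], key=lambda pm: pm[1]["date"], reverse=True):
            extras = [f"[{k}]({meta[k]})" for k in ("video", "transcript") if k in meta]
            suffix = " (" + ", ".join(extras) + ")" if extras else ""
            lines.append(f"- {meta['date']} [{meta['title']}]({path}){suffix}")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_index(SAMPLE_PAGES))
```

In a real repo the dict of sample pages would be replaced by a walk over the presentations directory, and the generated text written to a README in each subdirectory; the strict ValueError on missing metadata is what keeps the index from quietly going stale as files are added.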
@ultrasaurus count me in. I've done a couple of sites with GitHub/Hugo combo already, the main question is where to host it. I usually use Amplify but I acknowledged the fact that Netlify is more popular (and arguably I'm biased re the former ;)
Have we determined if this micro-site going to live as a subdomain on cncf.io or on its own domain?
@petermbenjamin added to TODO list -- need to follow-up with Amye to get an intro to the CNCF person who can answer whether there are any preferences on their side for URLs or visual styling.
I did nab cloud-native-security.info a while ago (before we started the CNCF WG / SIG process) and happy to donate that if people like it and we want / need our own domain. Though I do like security.cncf.io which seems more concise and readable.
@ultrasaurus would you mind stating if you take care of it or want me to do it?
@mhausenblas will kick off an email thread to find the right person to coordinate with and cc you. It would be great if you could track that thread and update here as we learn answers
hey @lucperkins from the CNCF can sketch out a simple hugo+netlify site
we can do something like sig-security.cncf.io
Thanks, @ultrasaurus … yo @lucperkins can we sync regarding the micro-site, this week, please? My current understanding is that you'd be looking after infra (Hugo, hosting, etc.) and I more after the content? I suppose a quick (20min) meeting to resolve it would be ideal?
Status update: I'm working on something that's publicly available at https://sig-security.netlify.com. I'm building that from my personal fork of this repo: https://github.com/lucperkins/sig-security/tree/lperkins/website. It's definitely a WIP but I think a decent skeleton for iteration.
If it would be beneficial, I can submit a PR and we can discuss/collaborate there.
@lucperkins: today @ultrasaurus and I sat together and developed a battle plan. Here's what we decided:
- We continue to use your fork, please use #195 as the landing page content
- Please add a client-side site search functionality
- I will work on the presentation details content in my own fork, based on Sarah's templates
We can discuss details or open questions on the sig-security-web channel.
@mhausenblas I've updated the site in progress with the desired front page content as well as a search bar: https://sig-security.netlify.com/.
I've left the previous documents in place largely to demonstrate the search functionality. They'll be removed later.
Awesome, thank you @lucperkins!
Sorry for the long silence. Week after next (re:Invent) I'm back on track and wanted to see where we are with this issue and where/how I can contribute @ultrasaurus
interested :)
@vinayvenkat tagging you here for awareness/interest
we'll need to define an editorial team to curate content, field content. this applies to the microblog #451 issue as well - at least to get started.
@pragashj mentioned a potential subdomain upcoming? security.cncf.io ? need POC to confirm and help figure this out.
Happy to help with this.
Yep, seems like a great idea for discoverability and lots of stated points.
I would like to see if we can create some alignment with the work around #551 , I think there could possibly be a part of the same site as the CNSmap, https://cnsmap.vercel.app/
So maybe we could have Cloud Native Security Map be one section and have "Presentations" or other subsections in which everyone can contribute to. The current templating we have for the CNSmap is based on markdown, so technically we could work it in a way to reflect content of the repo well.
Updating the issue comment for freshness of issue state
This issue has been automatically marked as inactive because it has not had recent activity.
The plan is to have the CNSMap site evolve to become the microsite. The next usecase to expand on would be the Cloud native security lexicon #735 .
This issue has been automatically marked as inactive because it has not had recent activity.
K8s SIGs have something similar as a service for sub-projects: https://github.com/kubernetes/community/blob/master/github-management/subproject-site-requests.md
Following up on a discussion w/ @lumjjb on this ticket: I've helped a few friends + colleagues use ReadTheDocs/sphinx/rST for sites. Works quite nicely for developer-driven documents, easy to setup a build + publish pipeline in Concourse and/or GitHub Actions. Also supports citations, cross-referencing, "code as documentation", etc.
Examples:
- https://iaxes.github.io/pronk8s/sections/build_patterns.html
- https://fd.io/docs/vpp/v2101/reference/readthedocs/index.html
I'd be able to throw together a demo pretty quickly, if there's interest.
There were plenty of people willing to do the technical work, including CNCF staff who are available to help. What this project has always lacked is someone who is willing to curate content and, as needed, write/edit overview text for sections of the site.
I'll help you, will build a first alpha prototype that we can use to discuss the information, content and appearance. ;-)
@ultrasaurus I can help on the curation. Here is a first draft of the content that I think we can cover. @vicenteherrera that's some good work already, thanks. Please let me know your thoughts as well, and how we could articulate this in the site you are building.
Who we are
- Our Charter - https://github.com/cncf/tag-security/blob/main/governance/charter.md#sig-security-charter
- History
  - TAG-Security - renamed STAG (TOC Issue 549)
  - SAFE WG - renamed to CNCF Security TAG
  - (Proposed) CNCF Policy Working Group - Merged into SAFE WG
- Our brand - https://github.com/cncf/tag-security/tree/main/design
- Our team
  - Chairs
  - Tech Leads
  - Contributors
What we've done
- Repository - https://github.com/cncf/tag-security
- Papers
  - Cloud Native 8 - https://github.com/cncf/tag-security/blob/main/security-whitepaper/secure-defaults-cloud-native-8.md
  - Cloud Native Security Whitepaper
  - Supply chain Security Whitepaper - https://github.com/cncf/tag-security/tree/main/supply-chain-security/supply-chain-security-paper
  - Secure Software Factory Whitepaper - https://github.com/cncf/tag-security/tree/main/supply-chain-security/secure-software-factory
  - Cloud Native Security Controls Catalog - https://github.com/cncf/tag-security/blob/main/cloud-native-controls/phase-one-announcement.md
  - Cloud Native Security Map - https://github.com/cncf/tag-security/tree/main/security-whitepaper/cnsmap
  - Cloud Native Security Lexicon - https://github.com/cncf/tag-security/tree/main/security-lexicon
- Presentations
- Security assessments
  - Buildpacks - https://github.com/cncf/tag-security/tree/main/assessments/projects/buildpacks
  - Cloud Custodian - https://github.com/cncf/tag-security/tree/main/assessments/projects/custodian
  - Harbor - https://github.com/cncf/tag-security/tree/main/assessments/projects/harbor
  - In-toto - https://github.com/cncf/tag-security/tree/main/assessments/projects/in-toto
  - Keycloak - https://github.com/cncf/tag-security/tree/main/assessments/projects/keycloak
  - Kyverno - https://github.com/cncf/tag-security/tree/main/assessments/projects/kyverno
  - OPA - https://github.com/cncf/tag-security/tree/main/assessments/projects/opa
  - Spiffe-Spire - https://github.com/cncf/tag-security/tree/main/assessments/projects/spiffe-spire
- Policy - https://github.com/cncf/tag-security/tree/main/policy
- Events - https://github.com/cncf/tag-security/blob/main/cloud_native_security.md
How do we do this
STAG charter outlines the scope of our group activities, as part of our governance process which details how we work.
Top 5 things we are working on
- SecurityCon at KubeCon+CloudNativeCon NA 2022 - https://github.com/cncf/tag-security/issues/939
- Cloud Native Security Controls Catalog v2 - https://github.com/cncf/tag-security/issues/845
- Serverless Security Whitepaper - https://github.com/cncf/tag-security/issues/546
- Cloud Native Security Map v2 - https://github.com/cncf/tag-security/issues/737
- Cloud Native Security Whitepaper - Audio project - https://github.com/cncf/tag-security/issues/606
How to get involved
- Contributors
- Slack channel
  - Hangout in the CNCF Slack
  - Our channel is #tag-security
- Mailing list
  - Join our mailing list at CNCF Lists TAG-Security
  - Join the Mailing List to receive the calendar meeting invite.
- Meeting calendar
  - CNCF Event Calendar
  - We meet every Wednesday at 10 am PT | 1 pm ET | 6 pm GMT
- Zoom
  - Join our call live on Zoom
  - cncftagsecurity passcode: 77777
- YouTube channel
  - Missed a meeting?
  - No drama - catch up from a recording!
- Contact us
  - Chairs - [email protected]
  - Chairs & Tech Leads - [email protected]
- Security assessments
  - Guide - https://github.com/cncf/tag-security/tree/main/assessments/guide
  - Contact us
    - Chairs - [email protected]
    - Chairs & Tech Leads - [email protected]
Related issues
- https://github.com/cncf/tag-security/issues/666
- https://github.com/cncf/tag-security/issues/826
Potentially related issues
- https://github.com/cncf/tag-security/issues/692
- https://github.com/cncf/tag-security/issues/726
Thanks for the proposed structure, I'll try to incorporate that to my test!
I've been preparing a test website, you can see it at: https://vicenteherrera.com/stag-web/ Code lives at the repo here: https://github.com/vicenteherrera/stag-web
Some interesting characteristics about it for this group:
- Based on Jekyll (an open source ruby tool) and an open source theme
- It generates a static website (plain HTML), that can be hosted on GitHub pages (as it shows in the test repo here), so fewer vulnerabilities to deal with, very quick rendering, and using GitHub as a free host (you can even associate your own domain to GitHub pages as I did).
- Editing content is easy even if you don't know about web development, using just markdown files like this one (that generates this url). Even blog posts are just markdown files.
- When somebody wants to propose a change, he/she can open a PR that can be commented on and accepted. You can render and browse a local version on your computer to check modifications.
- The theme is quite clean and nice, it includes the possibility of two menu navigation levels (horizontal and vertical) that gives flexibility to incorporate a lot of static pages not associated specifically to blog posts, as well as many other options.
I plan to work on putting the content @ragashreeshekar shared into this test, and when it's more mature, we can discuss the best way to really publish it and manage it.