
[Security Self Assessment] Karmada

Open · Rana-KV opened this issue 2 years ago · 1 comment

Details

Project Name: Karmada

Github URL: https://github.com/karmada-io/karmada

CNCF project stage: Sandbox preparing for incubation

  • Sandbox Proposal: https://github.com/cncf/toc/issues/721
  • Incubation Proposal: https://github.com/cncf/toc/pull/986

Security Provider: No

Self-assessment link (before PR): Karmada Security Self-Assessment

Tasks

  • [x] Stage 1: Preparation

    • [x] Create a GitHub issue for the security self assessment of Karmada project.
      • [x] Issue Link in CNCF Tag-Security: https://github.com/cncf/tag-security/issues/1112
    • [x] Create a placeholder of security self assessment.
      • [x] Create a fork of the CNCF Tag-Security in your Github.
      • [x] Create a new folder for the Karmada project.
      • [x] Add the security self assessment template under the project folder.
      • [x] Issue link of Initial Commit: https://github.com/cncf/tag-security/commit/830f083ea22aad1a65d45dafebf3f1aa37805d06
    • [x] Review Documentation of the Karmada project.
  • [x] Stage 2: Understand the Project Landscape

    • [x] Understand the overall project at a sufficient level of detail.
    • [x] Update overview section
      • [x] Background
        commit: a3fee9600658149e6a4d4051425f6e473e05b226
      • [x] Actors
        commit: a41615b13532a14843232e97be738367d98217e4
      • [x] Actions
        commit: 2ced290c08d2912f72c6c6858aa644a79896cd1a
      • [x] Goals
        commit: febeb16bb7f3171d9451227972ed33ed9e5d71cf
      • [x] Non-Goals
        commit: 51b7d76c2bcad2a3c6c4ecb4dfb72e7a7b6aa4c4
  • [x] Stage 3: First complete draft of the Self Assessment

    • [x] Document technical specifications of the Karmada project.
      • [x] Self assessment use
        commit: 7c65a122fcebde74ef04d4d95eea8639d38513b8
      • [x] Security functions and features
        commit: fddad17d0823a3ec45e3f06d17466adba476f7e0
      • [x] Project compliance
        commit: ac87e851f500efa4e5dd4674c690e628285f7389
      • [x] Secure development practices
        commit: ac87e851f500efa4e5dd4674c690e628285f7389
      • [x] Security issue resolution
        commit: 587fedd21273307ae16148b66a8e03064ef14d90
      • [x] Appendix
        commit: 9026fe8bedde4b999f1cbe1d0dd89ea89b4f8e2b
    • [x] Complete the security self assessment draft.
  • [ ] Stage 4: Iteration with the project

    • [x] Initiate discussion with Karmada project maintainers.
    • [x] Incorporate inputs and feedback from Karmada project maintainers.
    • [ ] Document the findings.
  • [ ] Stage 5: Finalization

    • [ ] Initiate PR
    • [ ] Get feedback and findings from reviewers
    • [ ] Fix the findings
    • [ ] Merge the PR
    • [ ] Close the issue

Rana-KV · Sep 21 '23 06:09

Note to other readers, this is a quick pilot of the Security Pals process that other projects will go through in the next few months.

I'm assigning other folks (the chairs, assessment facilitators, etc.) so they can also watch this process...

JustinCappos · Sep 21 '23 13:09

I'm closing the issue since the assessment is completed and merged.

Rana-KV · Mar 10 '24 05:03