
[Security Review] Kyverno

Open realshuting opened this issue 6 months ago • 8 comments

Project Name: Kyverno

Github URL: https://github.com/kyverno/kyverno

CNCF project stage and issue (NA if not applicable): Incubation, https://github.com/cncf/toc/pull/784.

Security Provider: yes

Further comments: Kyverno has added self-assessment here, and the security processes and guidelines can be found here. OpenSSF Best Practices is passing.

  • [ ] Identify team
    • [ ] Project security lead
    • [ ] Lead security reviewer
    • [ ] 1 or more additional reviewer(s) @JustinCappos
    • [ ] Every reviewer has read security reviewer guidelines and stated declaration of conflict
    • [ ] Sign off by facilitator on reviewer conflicts
  • [ ] Create slack channel (e.g. #sec-assess-projectname)
  • [ ] Project lead provides draft document - see outline
  • [ ] "Naive question phase" Lead Security Reviewer asks clarifying questions
  • [ ] Assign issue to security reviewers
  • [ ] Initial review
  • [ ] Presentation & discussion
  • [ ] Share draft findings with project
  • [ ] Assessment summary and doc checked into /assessments/projects/project-name (require at least 1 co-chair approval)
  • [ ] CNCF TOC presentation (if requested by TOC)

realshuting, May 14 '25 15:05