tag-security
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
Description: What's your idea? Add a column to the working groups [table](https://github.com/cncf/tag-security/blob/main/README.md#working-groups) to establish group / lead / STAG Rep for accountability and reporting purposes. Scope: Small - will require...
Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5 to 4.0.8. Release notes Sourced from micromatch's releases. 4.0.8 Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you...
Update the self assessment of WasmEdge project. According to issue #1337, thanks to all the reviewers for their comments, this PR has compiled all the comments and responses into the...
Project Name: Kyverno GitHub URL: https://github.com/kyverno/kyverno CNCF project stage and issue (NA if not applicable): Incubation, https://github.com/cncf/toc/pull/784. Security Provider: yes Further comments: Kyverno has added self-assessment [here](https://github.com/cncf/tag-security/blob/main/community/assessments/projects/kyverno/self-assessment.md), and the security...
The current goal of the Cloud Native OSCAL WG is to encourage community feedback on two OSCAL prototype metaschema changes. To accomplish this, we need to work on OSCAL content...
Description: Design and publish a maturity model Impact: Enable organizations and teams looking to adopt robust supply chain security to identify their current state and ideal future state across domains...
Images not visible in projects Self-Assessment website page (404 Error) #1459
Description: what's your idea? Impact: Describe the customer impact of the problem. Who will this help? How will it help them? Who: this will help CISOs and AOs and analysts...
The [Supply Chain tools mapping](https://tag-security.cncf.io/community/publications/supply-chain-security-tools/) provides a categorization of supply chain projects by the features they provide. This mapping is incomplete, and could benefit from the inclusion of more projects.
Description: What's your idea? Write a blog post about the benefits of TAG Security joint assessments, explaining how they are different from self-assessments and security audits. This could be cross...