
[Proposal] CNCF Cloud Native Security Map - v2

Open ashutosh-narkar opened this issue 3 years ago • 11 comments

Description: Earlier this year we started work on the Cloud Native Security Map with the goal to provide a practitioner's and learner's guide on navigating the Cloud Native security landscape. Thanks to great work by the STAG community, we are nearing completion of the phase-1 (aka Vanilla version) of the map. More details on that phase can be found in #551.

The Vanilla version of the map focused on how the content should be structured, gathering contributions from the community about the projects to be included, creating the website for the project (https://cnsmap.vercel.app/) and working with the CNCF design team to get their feedback on the UI/UX aspects.

In this version of the map we'll focus on how different sections and sub-sections of the CN Whitepaper relate to each other. The goal here is to guide users from one aspect of cloud-native security to the next path in their cloud-native journey. For example, users may be familiar with Kubernetes and now find a need to scan their manifests to enforce some security checks. They could start their journey with Distribute's Container App Manifest section. Now what? What's the next step? Maybe Deploy's Pre-flight Deployment Checks?

This version of the map will help answer this question by introducing the concept of "Guided Tours". The idea is to help users explore different aspects of the cloud-native irrespective of where they start. A new page on the map will feature these tours and we'll also encourage contributions from the STAG community to create these tours.

Impact: Introduce users to different aspects of cloud-native security and empower them with the tools to secure different parts of their infrastructure by providing examples of guided tours to navigate the cloud-native landscape.

Scope: An initial prototype of this work can be found in this branch.

TO DO

  • [X] Security TAG Leadership Representative: @ashutosh-narkar
  • [X] Project leader(s):
    • Brandon Lum (@lumjjb) (TAG chair)
    • Ash Narkar (@ashutosh-narkar) (TAG TL)
    • Diego Comas (@dcomas)
  • [ ] Come up with a name for this version of the map [v2 is a placeholder]
  • [ ] Deliverable(s):
    • Finalize structure of "Guided Tour"
    • Prepare examples of 2 to 3 initial Guided tours
  • [X] Slack Channel: #tag-security-whitepaper-map

ashutosh-narkar avatar Jul 20 '21 00:07 ashutosh-narkar

I would be happy to support in this task.

MMerzinger avatar Aug 10 '21 17:08 MMerzinger

@ashutosh-narkar @lumjjb has this kicked off as a project yet or are we working on soliciting contributors at an upcoming meeting

TheFoxAtWork avatar Aug 25 '21 16:08 TheFoxAtWork

This project is yet to kick-off. I'm hoping to get more contributors involved and advertise this more in the October timeframe close to KubeCon. In the meantime, we'll be hashing out some details around guided tours which should be helpful to new contributors to chime in.

ashutosh-narkar avatar Aug 25 '21 19:08 ashutosh-narkar

I would be happy to support this task.

maorkuriel avatar Sep 19 '21 18:09 maorkuriel

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Nov 18 '21 21:11 stale[bot]

We will pick up this task and ask for volunteers early next year.

ashutosh-narkar avatar Nov 19 '21 01:11 ashutosh-narkar

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Jan 20 '22 01:01 stale[bot]

This work will be prioritized in Q1, while the current focus is to move ahead some of the other in-progress projects.

ashutosh-narkar avatar Jan 20 '22 01:01 ashutosh-narkar

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Apr 30 '22 07:04 stale[bot]

I will be happy to help here also! ;-)

vicenteherrera avatar Jun 15 '22 17:06 vicenteherrera

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Sep 21 '22 04:09 stale[bot]

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar May 21 '23 23:05 stale[bot]

Closing this for now. We'll pick this up in the future based on prioritization, interest etc.

ashutosh-narkar avatar Jun 20 '23 23:06 ashutosh-narkar

Hey everyone, I love the CNSM and I think it makes sense, I see that this v2 is still in progress and currently unplanned(?)

I'm one of the maintainers of OpenCRE.org, a completely open-source mapping project that started from standards and is now branching out to tools and other documentation. OpenCRE can also update itself from links in the projects themselves, so we have been scanning a predefined list of repos for back-links.

If you are still interested in a V2, we can figure out a way for OpenCRE to host the information you need; this way you don't need to maintain mappings to other things yourselves, and projects automatically benefit from any future information we add. (We already map CCM, btw.)

Did I mention OpenCRE also has a chatbot and a REST API? Projects can use their links to OpenCRE to also find relevant regulatory information that suits them (links to NIST, CWE, other projects, etc)

northdpole avatar Sep 21 '23 07:09 northdpole