tag-security
[Proposal] CNCF Supply Chain Security Tools Mappings
Description: Create a mapping from various open source tools to the supply chain security whitepaper. I have an initial draft of a spreadsheet available [here](https://docs.google.com/spreadsheets/d/1CzvnInT7QOmTOz20W5TiX8tJiG9XZvdqYA3TivLx-PI/edit#gid=0). This mapping can be translated to be part of the controls catalog, or a similar format.
Impact: Clarify which tools solve which problems in the supply chain security space so that users can determine the set of tools that will solve their use cases. The whitepaper purposefully does not advocate any particular tools, but this makes it hard to find the right open source tools to address the topics in the whitepaper.
Scope: not yet determined
TO DO
- [x] Security TAG Leadership Representative: @mnm678
- [x] Project leader(s): @mnm678
- [ ] Project Members:
- [ ] Fill in additional TODO items here so the project team and community can see progress!
- [ ] Scope
- [ ] Deliverable(s)
- [ ] Project Schedule
- [ ] Slack Channel (as needed)
- [ ] Meeting Time & Day:
- [ ] Meeting Notes (link)
- [ ] Meeting Details (zoom or hangouts link)
- [ ] Retrospective
Possible related scope - https://github.com/cncf/tag-security/issues/561
I'm thinking out loud - Would the CNS Map project help? - https://github.com/cncf/tag-security/issues/551
Would the CNS Map project help? - #551
Yes! That's one possible destination for this work
This issue has been automatically marked as inactive because it has not had recent activity.
Hey folks, would this be possibly done with the opencre.org project? We can do this automatically if the tools link to us or manually with the help of the community if there's a team that wouldn't mind maintaining spreadsheets.
An initial version of the mapping was merged in #1319.