
Graduation Process: Security

Open varodrig opened this issue 7 months ago • 5 comments

Security

Note: this section may be augmented by a joint-assessment performed by TAG Security.

Suggested

  • [ ] Achieving OpenSSF Best Practices silver or gold badge.

Required

  • [ ] Clearly defined and discoverable process to report security issues.
  • [x] Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)
  • [ ] Document assignment of security response roles and how reports are handled.
  • [ ] Third Party Security Review.

    • [ ] Moderate and low findings from the Third Party Security Review are planned/tracked for resolution, as well as overall thematic findings, such as: improving the project contribution guide, providing a PR review guide to look for memory leaks and other vulnerabilities the project may be susceptible to by design or language choice, and ensuring adequate test coverage on all PRs.
  • [ ] Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.

varodrig avatar Apr 25 '25 02:04 varodrig

/area cncf-graduation

andreyvelich avatar Apr 29 '25 12:04 andreyvelich

As part of the Badge for the required (passing) level, there is the open question of where we direct users for responsible disclosure; from the MR WG, we're happy to comply with the Community decision (either per-repo, HackerOne, etc.).

tarilabs avatar Jun 03 '25 16:06 tarilabs

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Sep 02 '25 00:09 github-actions[bot]

/remove-lifecycle stale

andreyvelich avatar Sep 02 '25 12:09 andreyvelich