tac
tac copied to clipboard
ossf
Mapping our TIs to the Landscape view
There has been a request to map all OSSF TI's (WGs, Projects, SIGs, etc.) using the LF's landscape tool. Examples today include:
- The OSSF Membership list - https://openssf.org/about/members/
- CNCF Landscape - https://landscape.cncf.io/
Some existing work was created within the Diagrammers Society (https://github.com/ossf/Diagrammers-Society/tree/main/drawings).
Are there community members that are interested in collaborating on this task? This topic was discussed in the 20feb2024 TAC call.
Is this a duplicate of #84? If so, we can probably close that issue due to inactivity.
Is this a duplicate of #84? If so, we can probably close that issue due to inactivity.
Oh wow.... 84. That's a blast from the past. Yes, I think these are essentially the same. the phrasing above is how staff has recently asked about.
https://github.com/cncf/landscape2 -- This is the link to the actual too the CNCF has built to generate the landscape. I haven't tested it out yet, but CNCF TAG Security is looking to do a cloud native security tool landscape. I plan to play around with this for an hour when I get some time and see if it's generic enough to use for other landscapes.
We do have https://landscape.openssf.org/ running already. But it currently only has info on members and sigstore. It would be nice to add the TIs to it for sure.
Will the architecture PR in security-baseline in some ways help with this issue? Plan to have another document on vulnerability management and incident response. had discussion with @sevansdell about the document location and review process #361
@SecurityCRob, should we still handle this through an open TAC issue, or will you be working it through your new role as Chief Architect and this issue can be closed pending future documents from you?
@SecurityCRob status update? I haven't seen any community members comment on this task, but perhaps a call for community help should be made again?