Open
Description
/kind user-story
/kind epic
Which area this user story is related to?
/area api
/area library
/area registry
/area alizer
/area landing-page
User Story
As part of the CNCF Defender EPIC it is recommended to add a security-policy. As part of the security policy it is also recommended to add:
- A security threat model, as part of the `security-artifacts` inside the `SECURITY-INSIGHTS.yaml` of each repo. The threat model can be the same for every devfile org repo. An example threat model is here: https://github.com/cncf/financial-user-group/blob/main/projects/k8s-threat-model/README.md
- A vulnerability reporting process, which is about how to properly report a security issue.
Both the threat model and the vulnerability report process can be part of a more generic `Security.md` file which also can define additional policies and procedures followed by the devfile org.
Acceptance Criteria
Project status: In Review 👀