[Spike] Investigate a security threat model for devfiles org #1462

Closed
@thepetk

Which area this user story is related to?

/area api
/area library
/area registry
/area alizer
/area landing-page

Issue description

As part of our security policy, recommended by the CLO Monitor best practices, we could implement a security threat model so we can better understand threats and mitigations within the devfiles org. A useful resource shared by cncf.io is https://www.cncf.io/blog/2023/03/16/threat-modeling-to-cloud-native-we-need-a-new-approach/.

This issue focuses only on the investigation around a potential security threat model which could be followed by the devfiles team.

Acceptance Criteria

  • Decide if a threat model is a requirement for the devfiles org.
  • If it is a requirement, the results of the investigation have been shared.

Labels

  • area/alizer: Enhancement or issue related to the alizer repo
  • area/api: Enhancement or issue related to the api/devfile specification
  • area/landing-page: Issues with the Landing Page
  • area/library: Common devfile library for interacting with devfiles
  • area/registry: Devfile registry for stacks and infrastructure
