Auto-refreshing Official CVE Feed #3203
Comments
k8s-ci-robot
added
the
needs-sig
|
/sig security docs |
k8s-ci-robot
added
sig/security
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
Hello @PushkarJ, @nehaLohia27 👋, 1.25 Enhancements team here. Just checking in as we approach enhancements freeze on 18:00 PST on Thursday June 16, 2022. For note, This enhancement is targeting for stage Here's where this enhancement currently stands:
Looks like for this one, we would need to update the open PR #3204 with the following:
For note, the status of this enhancement is marked as |
jasonbraganza
added
the
tracked/yes
|
Thank you for the detailed feedback @jasonbraganza . I believe the latest updates to PR #3204 should resolve the pending items. Please let us know if anything else is missing! |
|
Thank you so much, @PushkarJ! I’ll update the KEP in our enhancements sheet to |
|
Hi @PushkarJ, Enhancements team here again 👋 Checking in as we approach Code Freeze at 01:00 UTC on Wednesday, 3rd August 2022. Please ensure that the following items are completed before the code-freeze:
Currently, the status of the enhancement is marked as Thanks :) |
|
Thanks for the reminder @Atharva-Shinde. Added all the relevant PRs in the issue description now :) |
|
The relevant PRs against this KEP:
|
|
@PushkarJ I have marked this enhancement as |
|
Yes @sftim !! Big 👍 to @mtardy To clarify the feed was a valid JSON before too but didn't conform to JSONFeed Spec. Now it is indeed valid: https://validator.jsonfeed.org/?url=https%3A%2F%2Fkubernetes.io%2Fdocs%2Freference%2Fissues-security%2Fofficial-cve-feed%2Findex.json |
|
Hey again @PushkarJ 👋 Enhancements team here, |
|
Thank you @Atharva-Shinde. Updated the description to include all relevant PRs. |
|
@PushkarJ was there a Docs PR opened against dev-1.27 branch in the k/website repo? If not, please take a look at Documenting for a release - PR Ready for Review to get your PR ready for review as soon as possible. 01:00 UTC Wednesday 22nd March 2023 / 17:00 PDT Tuesday 21st March 2023 is the official deadline. This PR will need a doc review by Tuesday 4th April 2023 to get this into the release. Please reach out to required SIGs to get their review. Thank you! |
|
As discussed in Slack, this does not need a 1.27 Docs PR because its Docs PRs are targeted to master / main branch. |
Atharva-Shinde
removed
tracked/yes
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
What should be in scope for the CVE feed? See kubernetes/website#45576 for context. Do we list all vulnerabilities, or just the ones that are vulnerabilities in k/k? |
|
Thanks @sftim I have added this in scope for beta-> GA graduation. More Intuittive path right now to me seems to be that SIG Security Tooling maintainers create a duplicate issue in k/k with the right labels linking the one created by SRC. I have proposed it in kubernetes/kubernetes#123964 (comment) to get feedback from SRC on this |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten We should progress this (or drop the existing feed 😬) |
k8s-ci-robot
added
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
Enhancement Description
k/enhancements) update PR(s): KEP-3203: Add Auto-refreshing Official CVE feed #3204k/k) update PR(s): N/Ak/website) update PR(s): [KEP-3203] Fetch and Render CVE JSON Feed website#35228k/k8s.ioPR(s): kubernetes-public: add bucket k8s-cve-feed k8s.io#4009k/test-infraPR(s):k/sig-securityPR(s):k/enhancements) update PR(s): KEP-3203: Alpha->Beta Graduation Updates #3828k/k) update PR(s): N/Ak/website) update(s):k/sig-securityPR(s):last_updatedroot fields sig-security#76Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.
The text was updated successfully, but these errors were encountered: