[Presentation] KubeArmor Project Update #1372

Closed
1 of 4 tasks
daemon1024 opened this issue Sep 20, 2024 · 3 comments
Labels
triage-required Requires triage usecase-presentation Label for usecase related presentations

Comments

@daemon1024

daemon1024 commented Sep 20, 2024

Title: KubeArmor Project Update

Speakers:

Description: It's been 3 years since KubeArmor has been part of CNCF Sandbox and was last presented in WG-Policy. We want to share progress achieved in terms of development, security and adopters in the last 3 years and get feedback for incubation (cncf/toc#1326).

Time: How long will the presentation take? (30 min)

Availability: Any timezone

TO DO

@daemon1024 daemon1024 added triage-required Requires triage usecase-presentation Label for usecase related presentations labels Sep 20, 2024
@mrcdb
Member

mrcdb commented Sep 25, 2024

Hi @daemon1024 !

These are the next available meeting dates in the different timezones:

  • AMER: 9 October 10AM PDT (UTC-7)
  • APAC: 2 October 12PM AEST (UTC+10)
  • EMEA: 23 October 1PM UK (UTC+1)

Would any of these work for you?

@daemon1024
Author

Hey @mrcdb

Oct 9, the AMER call works perfectly for us.

@brandtkeller
Collaborator

TAG recommendation to TOC

Project Overview

Ecosystem Adoption

Last 3 years - since Sandbox

30 -> 150+ Contributors
100 -> 1470 stars
30 -> 300 forks

Has seen adoption across Open Source and Enterprise

Past TOC Reviews

Communication channels were originally a finding and have since been resolved.

Security Reviews

TAG Security Assessments

Informed of the Self and Joint Assessment

Security Audit

AccuKnox threat modeling - link

Findings resulted in best-practice items being resolved

Best Practices

Metrics

OpenSSF Best Practices 7.9
Fuzz Testing

Static Analysis

CodeQL and GoSec
Other security measures annotated in the repo

Sub-project Considerations

30 repositories total in the organization

The primary repositories abide by security best practices.

TAG Recommendation to the TOC

The project has seen significant growth and adoption since the original acceptance to Sandbox. Having conducted threat modeling and implemented a number of static analysis and security processes in the development lifecycle provides a healthy project stance for security.

The self assessment is required for projects applying for Incubation in order for the Security TAG to provide a recommendation to the TOC.
