Adding security self-assessment for project K3s #1986
Signed-off-by: Orlix <orlin@orlix.org>
@eddie-knight PTAL ^^ Thanks!
FYI: The contents of the assessment were reviewed and approved from the prior PR. cncf/tag-security#1500 (review)
@eddie-knight @JustinCappos is there anything else we need to get this in? thank you!
@OrlinVasilev This is approved by the TAG, but must be merged by the TOC per the codeowner enforcement
Thank you!
@mnm678 @jkjell @evankanderson , can you help us move this along? |
If we move the assessment to a sub-directory called https://github.com/cncf/toc/blob/main/.github/CODEOWNERS#L40
kfaseela
left a comment
Thanks for the PR! Just left a few small nits. Otherwise LGTM
| This document provides K3s maintainers and stakeholders with additional context to help inform the roadmap creation process, so that security and feature improvements can be prioritized accordingly. | ||
| ## Security functions and features |
RBAC and Pod Security Admission are correctly identified as critical security functions. Per the TAG Security self-assessment guidance, these could optionally be framed more explicitly in threat-modeling terms (e.g., threats mitigated such as unauthorized access or privilege escalation), not mandatory - just a suggestion.
Co-authored-by: Faseela K <k.faseela@gmail.com> Signed-off-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com>
Co-authored-by: Faseela K <k.faseela@gmail.com> Signed-off-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com> Signed-off-by: Orlix <orlin@orlix.org>
kfaseela
left a comment
Just one more small comment from me @OrlinVasilev . Once done, I will merge!
Co-authored-by: Faseela K <k.faseela@gmail.com> Signed-off-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com>
@kfaseela done! Thank you!
kfaseela
left a comment
Thanks for your patience @OrlinVasilev !
Hurray Thank you @kfaseela !!!
Adding the K3s security self-assessment as advised by @eddie-knight cncf/tag-security#1500 (comment)