[Presentation] Kyverno Status Overview #1341
Comments
Following..
Hi @realshuting! It seems this slipped through the cracks, I apologize for the delay responding! Would you like to present on September 11 at 10PT?
Sounds great, I look forward to the presentation!
Template for TAG recommendation to TOC

Project Overview

Ecosystem Adoption
What ecosystem adoption has the project seen?
Great ecosystem adoption:

Past TOC Reviews
How has the project addressed comments from previous reviews (incubation if graduation, sandbox if incubating, etc)?
The project has clarified how it differentiates from other security projects in the space, has developed and maintained a roadmap, and has clarified their governance.

Security Reviews

TAG Security Assessments
Has the project completed a TAG Security Self-Assessment and/or Joint Assessment? If yes, please add a link and discuss how this has impacted their security posture.
Yes, Kyverno has a self assessment through security pals

Security Audit
Has the project completed an external security audit? If yes, how have they addressed the findings?
Kyverno has had a third party audit and fuzzing found a few issues which were addressed: https://main.kyverno.io/blog/2023/11/28/kyverno-completes-third-party-security-

Best Practices

Metrics
Which security best practices does the project follow (for example CNCF best practices badge, OpenSSF Best Practices, CLO monitor), and how does it rate by these metrics?
Kyverno has strong compliance with several best practices:

Sub-project Considerations
If the project has sub-projects, how does their security posture compare to the base project?
N/A

TAG Recommendation to the TOC
Kyverno has seen strong adoption and attention to security best practices. They have created a detailed threat model for the project and achieved an impressive SLSA 3 compliance. Based on this, we recommend the project for graduation. Without blocking graduation, we recommend the project pursues a TAG Security joint assessment.
Title: Kyverno Status Overview
Speakers: @realshuting, @JimBugwadia
Description: Give an update about Kyverno since its incubation two years ago, talk about the latest architecture and use cases. Related to Kyverno's Graduation Application, previous self-assessment.
Time: How long will the presentation take? (10 minutes)
Availability: August 21st 10 AM PT, August 28th 10 AM PT
TO DO