[Proposal] CNCF Mentorship proposals #1058
Comments
Thanks for bringing this idea @jkjell. This sounds interesting, and an initiative I wanted to support for some time now.
This issue has been automatically marked as inactive because it has not had recent activity.
@eddie-knight to share more about the maintainer needs he heard during security slam
During the Security Slam we use CLOMonitor to measure projects against the CNCF security hygiene standards. Projects we've spoken to who aren't able to meet the standard generally fall into three categories:
In the case of the first two types of project, a strong case could be made for guiding mentees to make the recommended security hygiene contributions. There is a body of material that can already streamline some of this work, but some elements will likely need a bit more guidance. I don't want to name any projects here in case the situations change over time, but I'm happy to collab with anyone who wants to help pair mentees with projects who would benefit most from the support.
Thank you @eddie-knight. These are great insights. Would you mind making introductions with one or two project maintainers (Slack group chat is ok) that you have in mind and share with them https://lfx.linuxfoundation.org/tools/mentorship as a way to get some security items off their plate with some expectation for mentoring? Let's be transparent and say that this will be a pilot but one or more of us from TAG Security can help craft the project / program proposal with them.
I reached out to the ContainerSSH maintainers, and they're excited to hear more about this. Making an intro on Slack now. Will do the same when I hear back from a second interested project.
Description: what's your idea?
Impact: Describe the customer impact of the problem. Who will this help? How will it help them?
Help grow community interest and participation in all aspects of TAG Security and related work. This will also support the broader CNCF efforts around mentorship: https://github.com/cncf/mentoring
Scope: How much effort will this take? ok to provide a range of options if or "not yet determined" for initial proposals. Feel free to include proposed tasks below or link a Google doc
I see two aspects to this:
This would be an ongoing effort to submit proposals to the different programs.
It generally looks like the programs listed in CNCF Mentoring last around 3 months. The time commitment for mentoring will need to be matched with the mentee's experience and the project's requirements.
For program proposals, we could collaborate with other CNCF projects interested in performing security related work (i.e. securing their supply chain, performing security self-assessments, establishing security policies) or we could propose items that would be for work more directly related to TAG Security and its working groups.
TO DO