Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Intoto summary #208

Merged
merged 8 commits into from
Jul 1, 2019
Merged

Intoto summary #208

merged 8 commits into from
Jul 1, 2019

Conversation

ultrasaurus
Copy link
Member

Content taken from here: https://docs.google.com/document/d/1dcDu8XWHlJ47FsIh3M1NwihmgfO3iqjH_Dn5tkevdqg/edit

I moved around the sections a bit for readability and thinking a little about how this might have looked over time, if we had started with this process.

Note: this is both the in-toto assessment and a template. We're planning to follow the same process for first 5 assessment (see #167) -- we're not going to get too caught up in sticking to the format if we find unexpected differences, but trying to avoid revisiting process until we have done the first set.

@ultrasaurus ultrasaurus requested a review from lumjjb June 26, 2019 02:13
dshaw
dshaw previously approved these changes Jun 26, 2019
View reviewed changes
Copy link
Contributor

@dshaw dshaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Thanks for all the hard work.

lumjjb
lumjjb reviewed Jun 26, 2019
View reviewed changes
Copy link
Contributor

@lumjjb lumjjb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few logistical notes + nits. Else, lgtm.

assessments/projects/in-toto/README.md Outdated Show resolved Hide resolved
assessments/projects/in-toto/README.md Outdated Show resolved Hide resolved
assessments/projects/in-toto/README.md Outdated Show resolved Hide resolved
assessments/projects/in-toto/README.md Outdated Show resolved Hide resolved
assessments/projects/in-toto/README.md Show resolved Hide resolved
@lumjjb lumjjb added the assessment-process proposed improvements to security assessment process label Jun 26, 2019
pragashj
pragashj reviewed Jun 26, 2019
View reviewed changes
Copy link
Collaborator

@pragashj pragashj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please address the comment for details on common supply chain threat reference

assessments/projects/in-toto/README.md Show resolved Hide resolved
justincormack
justincormack previously approved these changes Jul 1, 2019
View reviewed changes
@justincormack
Copy link
Contributor

Needs a rebase...

@ultrasaurus ultrasaurus dismissed stale reviews from justincormack and dshaw via 5820be7 July 1, 2019 14:44
@ultrasaurus ultrasaurus merged commit cc06ace into cncf:master Jul 1, 2019
@ultrasaurus ultrasaurus deleted the intoto-summary branch July 1, 2019 17:15
Michael-Susu12138 pushed a commit to Michael-Susu12138/tag-security that referenced this pull request Dec 12, 2023
@ultrasaurus
Merge pull request cncf#208 from ultrasaurus/intoto-summary
baad67e 
In-toto security assessment summary
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pragashj pragashj pragashj left review comments

@lumjjb lumjjb lumjjb left review comments

@justincormack justincormack justincormack approved these changes

@dshaw dshaw dshaw left review comments

Assignees
No one assigned
Labels
assessment-process proposed improvements to security assessment process
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ultrasaurus @justincormack @dshaw @lumjjb @pragashj