Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create security_baseline.md #353

Merged
merged 25 commits into from
Jul 23, 2024
Merged

Create security_baseline.md #353

merged 25 commits into from
Jul 23, 2024

Commits on Jul 10, 2024

  1. Create security_baseline.MD 

    GitHub version of the security baseline for TAC review. 

Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 10, 2024
    Configuration menu
    Copy the full SHA
    5899846 View commit details
    Browse the repository at this point in the history

Commits on Jul 11, 2024

  1. Update process/baseline/security_baseline.MD 

    Signed-off-by: Arnaud J Le Hors <[email protected]>
    @lehors
    lehors authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    c71ee23 View commit details
    Browse the repository at this point in the history

  2. Update process/baseline/security_baseline.MD 

    Signed-off-by: Arnaud J Le Hors <[email protected]>
    @lehors
    lehors authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    00c2a6c View commit details
    Browse the repository at this point in the history

  3. Update process/baseline/security_baseline.MD 

    Signed-off-by: Arnaud J Le Hors <[email protected]>
    @lehors
    lehors authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    e5c1d82 View commit details
    Browse the repository at this point in the history

  4. Rename security_baseline.MD to security_baseline.md 

    Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    689c123 View commit details
    Browse the repository at this point in the history

  5. Create security_baseline.md in TAC process folder 

    This is to fix the path issue in PR #353. Unfortunately I cannot use the original PR to move the file to the parent folder. 

Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    a87572b View commit details
    Browse the repository at this point in the history

  6. Delete process/baseline/security_baseline.md 

    Moving the file to process folder

Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    a90b983 View commit details
    Browse the repository at this point in the history

Commits on Jul 12, 2024

  1. Update process/security_baseline.md 

    fix a  typo

Co-authored-by: Marcela Melara <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck @marcelamelara
    Danajoyluck and marcelamelara authored Jul 12, 2024
    Configuration menu
    Copy the full SHA
    4104a06 View commit details
    Browse the repository at this point in the history

  2. Update process/security_baseline.md 

    Agree with the recommendation.

Co-authored-by: Marcela Melara <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck @marcelamelara
    Danajoyluck and marcelamelara authored Jul 12, 2024
    Configuration menu
    Copy the full SHA
    3de7e60 View commit details
    Browse the repository at this point in the history

  3. Update process/security_baseline.md 

    agree with the recommendation

Co-authored-by: Marcela Melara <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck @marcelamelara
    Danajoyluck and marcelamelara authored Jul 12, 2024
    Configuration menu
    Copy the full SHA
    aa42543 View commit details
    Browse the repository at this point in the history

  4. Update security_baseline.md 

    Updated the basic operating principles:

changed "without imposing new requirements" to "with minimal new requirements" for principle "Minimal, Achievable, and Practical Baseline Requirements"

updated "Documented Governance Process" to make the objective more clear


Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 12, 2024
    Configuration menu
    Copy the full SHA
    308c777 View commit details
    Browse the repository at this point in the history

Commits on Jul 13, 2024

  1. Update security_baseline.md basic operating principle 

    added reference for automation and automatibility RE @marcelamelara comment.


Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 13, 2024
    Configuration menu
    Copy the full SHA
    4ee8615 View commit details
    Browse the repository at this point in the history

  2. Update security_baseline.md to clarify adoption and operating principles 

    address comments from @marcelamelara 
Updated success criteria around adoption, made adoption more specific. Consolidated continuous improvements operating principle into governance process 

Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 13, 2024
    Configuration menu
    Copy the full SHA
    df78b39 View commit details
    Browse the repository at this point in the history

  3. Update security_baseline.md 

    added reference for automation 

Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 13, 2024
    Configuration menu
    Copy the full SHA
    b62698b View commit details
    Browse the repository at this point in the history

Commits on Jul 15, 2024

  1. Update security_baseline.md 

    typos and other corrections + some additional explanatory text

Signed-off-by: CRob <[email protected]>
    @SecurityCRob
    SecurityCRob authored Jul 15, 2024
    Configuration menu
    Copy the full SHA
    86b9ce7 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #356 from ossf/SecurityCRob-patch-3 

    Update security_baseline.md
    @Danajoyluck
    Danajoyluck authored Jul 15, 2024
    Configuration menu
    Copy the full SHA
    01cbecf View commit details
    Browse the repository at this point in the history

Commits on Jul 16, 2024

  1. Update security_baseline.md 

    fixed my typos

Signed-off-by: CRob <[email protected]>
    @SecurityCRob
    SecurityCRob authored Jul 16, 2024
    Configuration menu
    Copy the full SHA
    2263938 View commit details
    Browse the repository at this point in the history

Commits on Jul 17, 2024

  1. Update process/security_baseline.md 

    Co-authored-by: Marcela Melara <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck @marcelamelara
    Danajoyluck and marcelamelara authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    4f77544 View commit details
    Browse the repository at this point in the history

  2. Update process/security_baseline.md 

    Co-authored-by: Marcela Melara <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck @marcelamelara
    Danajoyluck and marcelamelara authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    85dfe62 View commit details
    Browse the repository at this point in the history

  3. Update process/security_baseline.md 

    Co-authored-by: Marcela Melara <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck @marcelamelara
    Danajoyluck and marcelamelara authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    ecd09c7 View commit details
    Browse the repository at this point in the history

  4. Update security_baseline.md 

    @marcelamelara added goals for once sandbox

Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    5145d96 View commit details
    Browse the repository at this point in the history

  5. Update security_baseline.md 

    Updated "SHOULD" to "MUST" for Scorecard onboarding for to becoming incubating

Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    989e50a View commit details
    Browse the repository at this point in the history

  6. Update security_baseline.md 

    A few changes:
For "Data in transit must be protected by cryptographic means.", added "TAC project lifecycle governance process SHALL be followed if encryption is not achievable" 

Change "Baseline" to "Security Baseline" for the heading of each  level

Changed "internet service" to "internet or infrastructure service" to consider RSTUF as an infrastructure service


Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck
    Danajoyluck authored Jul 17, 2024
    Configuration menu
    Copy the full SHA
    3d963c6 View commit details
    Browse the repository at this point in the history

Commits on Jul 23, 2024

  1. Update process/security_baseline.md 

    Co-authored-by: Zach Steindler <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
    @Danajoyluck @steiza
    Danajoyluck and steiza authored Jul 23, 2024
    Configuration menu
    Copy the full SHA
    f0219fd View commit details
    Browse the repository at this point in the history

  2. Update process/security_baseline.md 

    Co-authored-by: Zach Steindler <[email protected]>
Signed-off-by: CRob <[email protected]>
    @SecurityCRob @steiza
    SecurityCRob and steiza authored Jul 23, 2024
    Configuration menu
    Copy the full SHA
    5a8dfec View commit details
    Browse the repository at this point in the history