Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create security_baseline_sandbox_stage.md #354

Merged
merged 5 commits into from
Jul 23, 2024
Merged

Create security_baseline_sandbox_stage.md #354

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
a551b41
Create security_baseline_sandbox_stage.md
Danajoyluck Jul 11, 2024
d563c44
Update security_baseline_sandbox_stage.md
Danajoyluck Jul 12, 2024
d0bf83b
Update security_baseline_sandbox_stage.md
Danajoyluck Jul 12, 2024
dad64c8
Update process/sig-lifecycle-documents/security_baseline_sandbox_stag…
lehors Jul 13, 2024
05ff0ed
Update security_baseline_sandbox_stage.md goals
Danajoyluck Jul 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions process/sig-lifecycle-documents/security_baseline_sandbox_stage.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
## Creation of a new Special Interest Group (SIG) at Sandbox stage

### Proposed focus, intent, goals, and/or deliverables

The goal of this SIG is to evolve [OpenSSF security baseline](https://github.com/ossf/tac/blob/a90b9838739ac18df43197fdd89f045c1a1e4dc3/process/security_baseline.md) for Linux Foundation wide adoption.

### List SIG Lead(s)
The SIG must have a minimum of 1 Lead
* Eddie Knight, OpenSSF Security Insights lead, Sonatype, GitHub ID: eddie-knight

Check failure on line 9 in process/sig-lifecycle-documents/security_baseline_sandbox_stage.md

View workflow job for this annotation

GitHub Actions / Check Spelling 

`eddie` is not a recognized word. (unrecognized-spelling)
* Michael Lieberman, OpenSSF GUAC lead, Kusari, GitHub ID: mlieberman85

Check failure on line 10 in process/sig-lifecycle-documents/security_baseline_sandbox_stage.md

View workflow job for this annotation

GitHub Actions / Check Spelling 

`mlieberman` is not a recognized word. (unrecognized-spelling)

### List of interested individuals
The SIG have a minimum of 3 members with 2 different organizational affiliations.
* Adolfo "Puerco" García Veytia, CNCF kubernetes SIG Release Technical Lead, OpenSSF Protobom, OpenVEX maintainer, Staklock, GitHub ID: puerco

Check failure on line 14 in process/sig-lifecycle-documents/security_baseline_sandbox_stage.md

View workflow job for this annotation

GitHub Actions / Check Spelling 

`Staklock` is not a recognized word. (unrecognized-spelling)
* Justin Cappos, CNCG TUF, in-toto, Uptane, OpenSSF gittuf maintainer, New York University. GitHUb ID: JustinCappos

Check failure on line 15 in process/sig-lifecycle-documents/security_baseline_sandbox_stage.md

View workflow job for this annotation

GitHub Actions / Check Spelling 

`Uptane` is not a recognized word. (unrecognized-spelling)

Check failure on line 15 in process/sig-lifecycle-documents/security_baseline_sandbox_stage.md

View workflow job for this annotation

GitHub Actions / Check Spelling 

`CNCG` is not a recognized word. (unrecognized-spelling)
* David Wheeler, OpenSSF Best Practice Badge maintainer, OpenSSF, GitHub ID: david-a-wheeler
* Dana Wang, OpenSSF security baseline maintainer, OpenSSF, GitHub ID: danajoyluck

Check failure on line 17 in process/sig-lifecycle-documents/security_baseline_sandbox_stage.md

View workflow job for this annotation

GitHub Actions / Check Spelling 

`danajoyluck` is not a recognized word. (unrecognized-spelling)

### Governing Body
SIGs may report to an existing OpenSSF Working Group or directly to the TAC as their governing body. The SIG commits to providing the governing body quarterly updates on progress.
* Security Best Practices Working Group

### SIG References
The SIG should provide a list of existing resources with links to the repository, and if available, website, a roadmap, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the SIG.
| Reference | URL |
|---------------------|-----|
| Repo | |
| Meeting Agenda | |
| OSSF Calendar Entry | |
| Website | |
| Security.md | |
| Roadmap | |
| code-of-conduct.md | |
| Demos | |
| Other | [OpenSSF security baseline](https://github.com/ossf/tac/blob/a90b9838739ac18df43197fdd89f045c1a1e4dc3/process/security_baseline.md) |
Loading