Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes-Security-Slam-2023 #17808

Closed
11 of 14 tasks
acumino opened this issue Dec 15, 2023 · 13 comments
Closed
11 of 14 tasks

Kubernetes-Security-Slam-2023 #17808

acumino opened this issue Dec 15, 2023 · 13 comments
Assignees
@acumino @sandipanpanda
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@acumino
Copy link
Contributor

acumino commented Dec 15, 2023
edited
Loading

Open tasks for the Kubernetes Security Slam 2023

Release to Community Infrastructure:

  • [x] Releases are being made via CI(task1)- Add cloud-build file to manage release via CI #17807 Cloud-Build is for repos that release images, minikube is not a use case for it.
  • [x] Check that Images are Staged and Promoted Using Community Infra (task2) Cloud-Build is for repos that release images, minikube is not a use case for it.

Automate Security Documentation:

CLOMonitor: Secure Development Practices:

Follow-Ups:
@ArangoGutierrez
Copy link
Contributor

Cloud-Build is for repos that release images, minikube is not a use case for it

@acumino acumino mentioned this issue Dec 15, 2023
Merged
@prnvkv prnvkv mentioned this issue Dec 15, 2023
Merged
This was referenced Dec 16, 2023
Merged
Merged
Closed
@acumino
Copy link
Contributor Author

acumino commented Dec 16, 2023

The release job is required to generate SBOMs and SLSA for each release. I am not able to find one.
@spowelljr Can you confirm that releases are done manually for minikube?

@acumino
Copy link
Contributor Author

acumino commented Dec 16, 2023

The release job is required to generate SBOMs and SLSA for each release. I am not able to find one. @spowelljr Can you confirm that releases are done manually for minikube?

/cc @afbjorklund

@acumino
Copy link
Contributor Author

acumino commented Dec 16, 2023

/assign @acumino @prnvkv @sandipanpanda

@k8s-ci-robot
Copy link
Contributor

@acumino: GitHub didn't allow me to assign the following users: prnvkv.

Note that only kubernetes members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @acumino @prnvkv @sandipanpanda

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@Foge9627

This comment was marked as spam.

Sign in to view
@Foge9627

This comment was marked as spam.

Sign in to view
This was referenced Dec 16, 2023
Merged
Merged
@spowelljr
Copy link
Member

The release job is required to generate SBOMs and SLSA for each release. I am not able to find one. @spowelljr Can you confirm that releases are done manually for minikube?

Releases are currently run manually from a non-publicly accessible Jenkins instance. However we were asked to migrate the release process to a public space by the end of 2024.

This was referenced Dec 16, 2023
Closed
Merged
@afbjorklund
Copy link
Collaborator

afbjorklund commented Dec 17, 2023
edited
Loading

This seems like a (rather vague) long-term goal, and you don't need to tag maintainers - until it is actually urgent to do?Otherwise it just seems like another of those drive-by initiatives...

@acumino acumino mentioned this issue Dec 18, 2023
Merged
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 17, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 19, 2024
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

@k8s-ci-robot k8s-ci-robot closed this as not planned Won't fix, can't repro, duplicate, stale May 19, 2024
@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@acumino acumino

@sandipanpanda sandipanpanda

Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@afbjorklund @ArangoGutierrez @k8s-ci-robot @acumino @spowelljr @k8s-triage-robot @Foge9627 @sandipanpanda