[Presentation] Presenting external-secrets-operator project #1428
Comments
Is there a way to know when this is going to be scheduled? 😄 |
The next EMEA meeting will be on Jan 15. Are you available then or on Jan 29? cc @mrcdb |
Hello! :) 15th of January works nicely for me. 1PM UK is 2PM for me, which is perfect. :) Thank you! 🎉 🚀 |
Added to the meeting schedule for the 15th of January. You'll find the meeting information here 👍🏻 EDIT: Please find here the presentation guidelines: https://github.com/cncf/tag-security/blob/main/CONTRIBUTING.md#present-to-the-tag |
Thank you! Will do! :) |
(edit: moving this WIP notes to a finalized comment at the bottom, following review by the TAG tech leads) |
@eddie-knight I didn't know correctly, we don't have a dedicated security person to advise us. All maintainers review security advisory items. Does that count? :D |
@Skarlso — Capturing the name of a security champion is mostly for our TAG's future reference. The champion isn't an official title or role or even expertise, but would be the go-to person for discussions about project security. |
Even though I do not find myself an expert, I do enjoy the security theme :) I volunteer for this role @eddie-knight @Skarlso 😄 edit: I'm also one of the external-secrets maintainers |
Ah gotcha. Nice, Gustavo. :) I actually was thinking about you when talking on the meeting earlier but didn't want to volunteer you hahahaha. |
TAG recommendation to TOC

Project Overview

Security Champion
Gustavo Fernandes de Carvalho @gusfcarvalho

Ecosystem Adoption
The External Secrets Operator (ESO) project has wide adoption by different large organizations. The project repository shows 4.6K stars with 433 contributors, and 2025 users are present on the CNCF Slack #external-secrets channel.

Past TOC Reviews
The project has undergone a previous TOC review as part of its sandbox application, and promptly addressed comments re: project security (i.e. start on a CII best practices badge, adoption of a license scanning tool).

Security Reviews

TAG Security Assessments
The project has completed a self-assessment with the TAG as part of the Security Pals initiative (PR), with further updates to the assessment by the project maintainers (PR). No security findings or immediate recommendations have been raised by reviewers during the self-assessment process.

Security Audit
No formal external security audit has been completed yet, although the project has produced a threat model. An additional threat model based on the STRIDE framework is also available.

Best Practices

Metrics
The project follows a number of security best practices: CLOmonitor, OpenSSF Best Practices, OpenSSF Scorecard. Metrics are reported as follows with relevant links:

Static Analysis
The project leverages Sonarcloud SAST scanning and FOSSA license scanning.

Sub-project Considerations
The ESO project does not have sub-projects.

TAG Recommendation to the TOC
The External Secrets Operator project has seen wide adoption and shows attention to security best practices and proactive threat modeling. Based on these observations, the project appears to fully meet the expectations of a project at the incubating stage. |
Thank you, @eddie-knight ❤ |
Title: Presenting external-secrets-operator
Speakers: Gergely Brautigam (@Skarlso)
Description: Presenting External Secrets, showing its features, and talking about pushing/pulling/generating and rotating secrets.
Time: 10-20 minutes based on how much detail is provided.
Availability: EMEA TZ, Suggestion: 18th of December.
TO DO