Tag-security: [Assessment] in-toto

Created on 20 May 2019  路  5Comments  路  Source: cncf/tag-security

Project Name: in-toto

Github URL: https://github.com/in-toto

Security Provider: yes

  • [x] Identify team

    • [x] Project security lead: Santiago Torres Arias

    • [x] Lead Security Reviewer: Sarah Allen (@ultrasaurus)

    • [x] additional reviewers: Justin Cormack, Brandon Lum

  • [x] Create slack channel (e.g. #sec-assess-intoto)
  • [x] Project lead provides draft document
  • [x] "Dumb question phase" Lead Security Reviewer asks clarifying questions
  • [x] Initial review
  • [x] Project lead addresses comments/questions in draft doc
  • [x] Presentation & discussion - TODO Link recording, meeting minutes
  • [x] Share draft findings with project - in progress
  • [x] Assessment summary and doc checked in https://github.com/cncf/sig-security/tree/master/assessments/projects/in-toto
  • [X] CNCF TOC presentation -- July 9, 2019 https://www.youtube.com/watch?v=7R6IfBFg2VA (40:00)
assessment

Most helpful comment

@JustinCappos added checkbox for "Project lead addresses comments/questions in draft doc" (we should add that to the template) -- doesn't block our finalizing the summary, but does block "Assessment summary and doc checked into..."

All 5 comments

The in-toto team has reviewed the documentation and revised the documentation. I believe we're ready for the assessment team to take the next step

@JustinCappos added checkbox for "Project lead addresses comments/questions in draft doc" (we should add that to the template) -- doesn't block our finalizing the summary, but does block "Assessment summary and doc checked into..."

@ultrasaurus I believe the presentation to the TOC is over? shall we update it and close it out :)

linked video in the issue description

Was this page helpful?
0 / 5 - 0 ratings