
Audit and align governance, contribution, and security docs with CNCF guidelines #5363

Open
yurishkuro opened this issue Apr 16, 2024 · 4 comments
Assignees
Labels
help wanted Features that maintainers are willing to accept but do not have cycles to implement

Comments

@yurishkuro
Member

TAG Security has prepared Security Guidelines for new projects on contribute.cncf.io that are worth reviewing to refresh and refamiliarize your project’s configuration and settings. There are also a variety of templates available to assist projects in bootstrapping any governance structure or process they may currently be missing. As your project grows, we encourage projects to leverage the TAG Contributor Strategy’s contributor ladder framework to create structure, expectations, and clear roles and responsibilities for welcoming and inviting contributors to take on more leadership roles within a project. Migrating to this framework can support projects and proactively manage contributions without creating or embellishing a sense of urgency.

@yurishkuro yurishkuro added the help wanted Features that maintainers are willing to accept but do not have cycles to implement label Apr 16, 2024
@jkowall jkowall self-assigned this Apr 16, 2024
@jkowall
Contributor

jkowall commented Apr 16, 2024

I will take a look at this one. I will compare the guidelines and try to normalize the DEVELOP, CONTRIBUTING, GUIDELINES and the website https://www.jaegertracing.io/get-involved/.

@jkowall
Contributor

jkowall commented Apr 16, 2024

Security scanning fix : #5364
Update on CODE_OF_CONDUCT and adding MAINTAINERS file : #5365

Jaeger doesn't have and likely doesn't need elections or subproject governance.

Open question, do we want to improve the OpenSSF score? https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger It would mean implementing Fuzzing, fixing permissions on tokens minimally.

@yurishkuro
Member Author

> It would mean implementing Fuzzing, fixing permissions on tokens minimally.

+1 to fix tokens. Fuzzing is a pretty specialized domain, I don't have any expertise in it. It's not that I mind having fuzzing tests, but I am not particularly eager to invest time and I cannot really guide anyone if we make it a help-wanted issue.

jkowall added a commit that referenced this issue Apr 16, 2024
…5365)

Only changes in md for this one

Adding MAINTAINERS.md, and fixing a 404 in GOVERNANCE.md
Fixing CODE_OF_CONDUCT per template :
https://github.com/cncf/project-template/blob/main/CODE_OF_CONDUCT.md

Working on : #5363

---------

Signed-off-by: Jonah Kowall <jkowall@kowall.net>
Co-authored-by: Yuri Shkuro <yurishkuro@users.noreply.github.com>
yurishkuro pushed a commit that referenced this issue Apr 17, 2024
Fixed typo, thanks for the catch @yurishkuro 

re: #5363

Signed-off-by: Jonah Kowall <jkowall@kowall.net>
yurishkuro pushed a commit that referenced this issue Apr 17, 2024
This attempts to solve the following issue with our security rating
around token permissions on the scorecard :
https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger



![image](https://github.com/jaegertracing/jaeger/assets/1859948/512902d6-48b2-45b6-b971-a33af75dca70)

## Which problem is this PR solving?
Part of #5363

## Description of the changes
Moving write permissions into the jobs 

## How was this change tested?
It will be tested after the PR is submitted as the jobs do not fully run
on my fork.

## Checklist
- [x] I have read
https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md
- [x] I have signed all commits
- [NA] I have added unit tests for the new functionality
- [NA] I have run lint and test steps successfully

Signed-off-by: Jonah Kowall <jkowall@kowall.net>
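The scorecard Token-Permissions finding the PR above addresses is about where `permissions` for `GITHUB_TOKEN` are declared in a workflow. The following is an added illustration, not Jaeger's actual workflow: it shows a weak workflow that grants write access at the top level to every job, beside the hardened form that keeps the workflow default read-only and grants write scopes only on the one job that needs them. Workflow, job and step names, and the release commands, are assumptions chosen for the example.

```yaml
# Added example; not the Jaeger project's own CI configuration.
# Names, jobs and commands below are illustrative assumptions.

# WEAK: a top-level write grant applies to every job. The lint/test job only
# needs to read the repository, yet a compromised dependency or third-party
# action running inside it receives a GITHUB_TOKEN that can push commits and
# tags, publish packages and modify issues. This is what the scorecard
# Token-Permissions check flags.
name: ci-weak
on: [push, pull_request]
permissions: write-all
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make lint test
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/publish-release.sh   # assumed script

---
# HARDENED: the workflow-level block sets the default token to read-only, and
# write scopes are "moved into the job" that actually needs them. Every other
# job (here, test) inherits contents: read and nothing else.
name: ci-hardened
on: [push, pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make lint test
  release:
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    # A job-level permissions block replaces the workflow-level one for this
    # job; any scope not listed here is "none", so list everything it needs.
    permissions:
      contents: write   # create the GitHub release / push the tag
      packages: write   # push the container image to GHCR
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/publish-release.sh   # assumed script
```

Two practical checks after a change like this: the "Set up job" step in each run's log prints the effective `GITHUB_TOKEN` permissions, so confirm the test job shows only `Contents: read`; and because a job-level `permissions` block overrides rather than merges with the top-level one, a release job that silently loses a scope (for example `id-token: write` for keyless signing) will fail at the publish step, not at checkout, which is why the PR notes that the jobs could only be fully exercised after merge.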
yurishkuro pushed a commit that referenced this issue Apr 23, 2024
## Which problem is this PR solving?
This adds the artifact hub badge for Jaeger, which will be official once
the last PR is pushed from the helm chart repo.

#5363

## Description of the changes
Add new image on README.md

## How was this change tested?
Tested on Github branch

## Checklist
- [X] I have read
https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md
- [X] I have signed all commits
- [NA] I have added unit tests for the new functionality
- [NA] I have run lint and test steps successfully
  - for `jaeger`: `make lint test`
  - for `jaeger-ui`: `yarn lint` and `yarn test`

Signed-off-by: Jonah Kowall <jkowall@kowall.net>
@jkowall
Contributor

jkowall commented Apr 24, 2024

Opened this issue to get official in Artifact Hub : artifacthub/hub#3787
