-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Audit and align governance, contribution, and security docs with CNCF guidelines #5363
Comments
I will take a look at this one. I will compare the guidelines and try to normalize the DEVELOP, CONTRIBUTING, GUIDELINES and the website https://www.jaegertracing.io/get-involved/. |
Security scanning fix : #5364 Jaeger doesn't have and likely doesn't need elections or subproject governance. Open question, do we want to improve the OpenSSF score? https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger It would mean implementing Fuzzing, fixing permissions on tokens minimally. |
+1 to fix tokens. Fuzzing is a pretty specialized domain, I don't have any expertise in it. It's not that I mind having fuzzing tests, but I am not particularly eager to invest time and I cannot really guide anyone if we make it a help-wanted issue.. |
…5365) Only changes in md for this one Adding MAINTAINERS.md, and fixing a 404 in GOVERNANCE.md Fixing CODE_OF_CONDUCT per template : https://github.com/cncf/project-template/blob/main/CODE_OF_CONDUCT.md Working on : #5363 --------- Signed-off-by: Jonah Kowall <jkowall@kowall.net> Co-authored-by: Yuri Shkuro <yurishkuro@users.noreply.github.com>
Fixed typo, thanks for the catch @yurishkuro re: #5363 Signed-off-by: Jonah Kowall <jkowall@kowall.net>
This attempts to solve the following issue with our security rating around token permissions on the scorecard : https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger ![image](https://github.com/jaegertracing/jaeger/assets/1859948/512902d6-48b2-45b6-b971-a33af75dca70) ## Which problem is this PR solving? Part of #5363 ## Description of the changes Moving write permissions into the jobs ## How was this change tested? It will be tested after the PR is submitted as the jobs do not fully run on my fork. ## Checklist - [x] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [x] I have signed all commits - [NA] I have added unit tests for the new functionality - [NA] I have run lint and test steps successfully Signed-off-by: Jonah Kowall <jkowall@kowall.net>
## Which problem is this PR solving? This adds the artifact hub badge for Jaeger, which will be official once the last PR is pushed from the helm chart repo. #5363 ## Description of the changes Add new image on README.md ## How was this change tested? Tested on Github branch ## Checklist - [X] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [X] I have signed all commits - [NA] I have added unit tests for the new functionality - [NA] I have run lint and test steps successfully - for `jaeger`: `make lint test` - for `jaeger-ui`: `yarn lint` and `yarn test` Signed-off-by: Jonah Kowall <jkowall@kowall.net>
Opened this issue to get official in Artifact Hub : artifacthub/hub#3787 |
…aegertracing#5365) Only changes in md for this one Adding MAINTAINERS.md, and fixing a 404 in GOVERNANCE.md Fixing CODE_OF_CONDUCT per template : https://github.com/cncf/project-template/blob/main/CODE_OF_CONDUCT.md Working on : jaegertracing#5363 --------- Signed-off-by: Jonah Kowall <jkowall@kowall.net> Co-authored-by: Yuri Shkuro <yurishkuro@users.noreply.github.com> Signed-off-by: Vamshi Maskuri <gwcchintu@gmail.com>
Fixed typo, thanks for the catch @yurishkuro re: jaegertracing#5363 Signed-off-by: Jonah Kowall <jkowall@kowall.net> Signed-off-by: Vamshi Maskuri <gwcchintu@gmail.com>
…5370) This attempts to solve the following issue with our security rating around token permissions on the scorecard : https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger ![image](https://github.com/jaegertracing/jaeger/assets/1859948/512902d6-48b2-45b6-b971-a33af75dca70) ## Which problem is this PR solving? Part of jaegertracing#5363 ## Description of the changes Moving write permissions into the jobs ## How was this change tested? It will be tested after the PR is submitted as the jobs do not fully run on my fork. ## Checklist - [x] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [x] I have signed all commits - [NA] I have added unit tests for the new functionality - [NA] I have run lint and test steps successfully Signed-off-by: Jonah Kowall <jkowall@kowall.net> Signed-off-by: Vamshi Maskuri <gwcchintu@gmail.com>
## Which problem is this PR solving? This adds the artifact hub badge for Jaeger, which will be official once the last PR is pushed from the helm chart repo. jaegertracing#5363 ## Description of the changes Add new image on README.md ## How was this change tested? Tested on Github branch ## Checklist - [X] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [X] I have signed all commits - [NA] I have added unit tests for the new functionality - [NA] I have run lint and test steps successfully - for `jaeger`: `make lint test` - for `jaeger-ui`: `yarn lint` and `yarn test` Signed-off-by: Jonah Kowall <jkowall@kowall.net> Signed-off-by: Vamshi Maskuri <gwcchintu@gmail.com>
TAG Security has prepared Security Guidelines for new projects on contribute.cncf.io that are worth reviewing to refresh and refamiliarize your project’s configuration and settings. There are also a variety of templates available to assist projects in bootstrapping any governance structure or process they may currently be missing. As your project grows, we encourage projects to leverage the TAG Contributor Strategy’s contributor ladder framework to create structure, expectations, and clear roles and responsibilities for welcoming and inviting contributors to take on more leadership roles within a project. Migrating to this framework can support projects and proactively manage contributions without creating or embellishing a sense of urgency.
The text was updated successfully, but these errors were encountered: