[Incubation] KubeArmor Incubation Application #1326
Comments
Ref #1235
@daemon1024 @DelusionalOptimist @nyrahul
@angellk ack. On it.
Hey @angellk, we are about to submit adopters' details in the submission form. What needs to be added in "Link to application tracking issue"? Thanks!
@ssyedhadi14 please link to this issue - #1326
Hey @angellk, we had submitted 9 interviewees' details on 17 DEC. Wanted to check the status of the application and next steps. Wishing you HNY'2025!
Thanks @ssyedhadi14 - have you completed the TAG Security self assessment and linked it to the application? As everyone is returning from the holidays, a TOC member will also complete another triage and either move the application forward to being ready for DD - or outline any remediations the project needs to take to move forward.
Ack @angellk. TAG Security self assessment is complete and submitted - please check - cncf/tag-security#1430
KubeArmor Incubation Application
v1.5
This template provides the project with a framework to inform the TOC of their conformance to the Incubation Level Criteria.
Project Repo(s): https://github.com/kubearmor/KubeArmor
Project Site: https://kubearmor.io/
Sub-Projects: NA
Communication: https://join.slack.com/t/kubearmor/shared_invite/zt-2bhlgoxw1-WTLMm_ica8PIhhNBNr2GfA
Project points of contacts:
Barun Acharya (@daemon1024, [email protected])
Rudraksh Pareek (@DelusionalOptimist, [email protected])
Rahul Jadhav (@nyrahul, [email protected])
Incubation Criteria Summary for KubeArmor
Adoption Assertion
The project has been adopted by the following organizations in a testing and integration or production capacity:
*
Adoption of KubeArmor is tracked in our ADOPTERS.md file.
Owing to the nature of security software, only a small subset are willing to be listed.
Beyond this, we have received interests from other organizations such as:
Application Process Principles
Required
KubeArmor was presented to WG Policy in TAG Security on 2021-06-09, and can be discovered at YT Link.
To be completed by TAG Security.
All project metadata and resources are vendor-neutral.
Yes
Review and acknowledgement of expectations for Sandbox projects and requirements for moving forward through the CNCF Maturity levels.
Handled as part of cncf/sandbox#226
Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisfies the Due Diligence Review criteria.
TBD by TOC Sponsor
Additional documentation as appropriate for project type, e.g.: installation documentation, end user documentation, reference implementation and/or code samples.
End User Documentation - https://docs.kubearmor.io/kubearmor/
Architecture - https://github.com/kubearmor/KubeArmor/blob/main/contribution/KubeArmor%20Design.pdf
Governance and Maintainers
Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.
Suggested
Project Governance
Initial maintainers were primarily from AccuKnox. We have independent maintainers and a few other contributors who are shaping up to take ownership of the modules. KubeArmor now has 8 Maintainers from 4 organizations and 6 Committers from 4 organizations.
Required
Complete list of current maintainers can be found at MAINTAINERS.md
A number of active maintainers which is appropriate to the size and scope of the project.
KubeArmor now has 8 Maintainers from 4 organizations
Code and Doc ownership in GitHub and elsewhere matches documented governance roles.
GitHub Teams reflect the documented roles
KubeArmor adopts CNCF Code of Conduct
CNCF Code of Conduct is cross-linked from other governance documents.
Code of Conduct referenced in GOVERNANCE.md
All subprojects, if any, are listed.
NA
Contributors and Community
Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.
Suggested
NA
Required
CONTRIBUTING.md
Slack Link documented in README
All KubeArmor communications are public
Community Meetings are documented in README
We held biweekly community meetings consistently (total 52 since Sep 2021). The community did not skip a single meeting since its inception. The meeting records can be found here.
CONTRIBUTING.md
The KubeArmor devstats page and dashboards can be found here.
According to devstats, KubeArmor currently has 252 contributors from 40 companies belonging to 15 countries.
The project averages ~100 contributions from ~16 contributors per month according to kubearmor.devstats.cncf.io, contained within 30 merged PRs on average per month for the last year.
Engineering Principles
Suggested
KubeArmor uses the semantic versioning scheme.
KubeArmor follows a release cadence of roughly once every two months, with version numbers in the format MAJOR.MINOR.PATCH. The latest release is v1.3.5.
We have releases documented at: https://github.com/KubeArmor/KubeArmor/releases.
KubeArmor has a release cycle of once every two months.
Required
KubeArmor supports inline mitigation for preventing attacks. Differentiation Document
All KubeArmor use cases are documented and updated at https://github.com/kubearmor/KubeArmor/blob/main/getting-started/use-cases/hardening.md
The backlog/roadmap for KubeArmor can be found here.
KubeArmor Design and Architecture is documented at - Architecture - https://github.com/kubearmor/KubeArmor/blob/main/contribution/KubeArmor%20Design.pdf
KubeArmor Release Process is documented as part of Release Wiki
Security
Note: this section may be augmented by a joint-assessment performed by TAG Security.
Required
See SECURITY.md
We follow Security Practices based on OpenSSF Security Score Card
https://securityscorecards.dev/viewer/?uri=github.com/kubearmor/KubeArmor
It includes
Branch Protection
Token Permissions
SAST
CI Best Practices
Document assignment of security response roles and how reports are handled.
See SECURITY.md. All Maintainers are responsible for reacting to incident reports.
Being handled in cncf/tag-security#1430
https://www.bestpractices.dev/en/projects/5401
Ecosystem
Required
Adoption of KubeArmor is tracked in our ADOPTERS.md file.
Owing to the nature of security software, only a small subset are willing to be listed.
Yes
The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation.
Refer to the Adoption portion of this document.
Additional Information