Tracking Issue for CNCF Incubation

[Neil-Smith]

Tasks required for CNCF Incubation

Application for Incubation: Application

This issue created to track our progress on the road to incubation within the CNCF.

Application Process Principles

• Engage with domain specific tag
• TAG provides insight/recommendation in context of landscape
• All project metadata and resources are vendor neutral
• Review and ack expectations for Sandbox
• Due Diligence Review
• Additional docs as appropriate

Governance

• Clear and discoverable governance documentation
• Document complete list of current maintainers, including names, contact information, domain of responsibility, and affiliation.
• A number of active maintainers which is appropriate to the size and scope of the project.
• Code and Doc ownership in Github and elsewhere matches documented governance roles.
• Document adoption of the CNCF Code of Conduct
• CNCF Code of Conduct is cross-linked from other governance documents.
• All subprojects, if any, are listed.

Contributers

• Clearly defined and discoverable process to submit issues or changes.
• Project must have, and document, at least one public communications channel for users and/or contributors.
• List and document all project communication channels, including subprojects (mail list/slack/etc.). List any non-public communications channels and what their special purpose is.
• Up-to-date public meeting schedulers and/or integration with CNCF calendar.
• Documentation of how to contribute, with increasing detail as the project matures.
• Demonstrate contributor activity and recruitment.

Engineering Principles

• Document project goals and objectives that illustrate the project’s differentiation in the Cloud Native landscape as well as outlines how this project fulfills an outstanding need and/or solves a problem differently. This can also be satisfied by completing a General Technical Review.
• Document what the project does, and why it does it - including viable cloud native use cases. This can also be satisfied by completing a General Technical Review.
• Document and maintain a public roadmap or other forward looking planning document or tracking mechanism.
• Document overview of project architecture and software design that demonstrates viable cloud native use cases, as part of the project's documentation. This can also be satisfied by completing a General Technical Review and capturing the output in the project's documentation.
• Document the project's release process.

Security

• Clearly defined and discoverable process to report security issues.
• Enforcing Access Control Rules to secure the code base against attacks (Example: two factor authentication enforcement, and/or use of ACL tools.)
• Document assignment of security response roles and how reports are handled.
• Document Security Self-Assessment.
• Achieve the Open Source Security Foundation (OpenSSF) Best Practices passing badge.

Ecosystem

• Publicly documented list of adopters, which may indicate their adoption level (dev/trialing, prod, etc.)
• Used in appropriate capacity by at least 3 independent + indirect/direct adopters, (these are not required to be in the publicly documented list of adopters)
• TOC verification of adopters.
• Clearly documented integrations and/or compatibility with other CNCF projects as well as non-CNCF projects.

[github-actions]

A friendly reminder that this issue had no activity for 30 days.

[mheon]

Governance is done, though it looks like we should add a list of subprojects to be truly complete (so Buildah and Skopeo would have to be linked from our governance doc).