Merge pull request cncf#1297 from eddie-knight/website-assessments

Updated links and makefile to account for relocated assessments dir

.github/ISSUE_TEMPLATE/joint-review.md

@@ -23,10 +23,10 @@ Security Provider: yes/no (e.g. Is the primary function of the project to suppor
   - [ ] Project security lead
   - [ ] Lead security reviewer
   - [ ] 1 or more additional reviewer(s)
-  - [ ] Every reviewer has read [security reviewer guidelines](https://github.com/cncf/tag-security/blob/main/assessments/guide/security-reviewer.md) and stated declaration of conflict
+  - [ ] Every reviewer has read [security reviewer guidelines](/community/assessments/guide/security-reviewer.md) and stated declaration of conflict
   - [ ] Sign off by facilitator on reviewer conflicts
 - [ ] Create slack channel (e.g. #sec-assess-projectname)
-- [ ] Project lead provides draft document - see [outline](https://github.com/cncf/tag-security/blob/main/assessments/guide/joint-review.md)
+- [ ] Project lead provides draft document - see [outline](/community/assessments/guide/joint-review.md)
 - [ ] "Naive question phase" Lead Security Reviewer asks clarifying questions
 - [ ] Assign issue to security reviewers
 - [ ] Initial review

CODE-OF-CONDUCT.md

@@ -120,5 +120,5 @@ The above guidelines are inspired by and borrowed from other communities:
 
 [cncf-coc]: https://github.com/cncf/foundation/blob/master/code-of-conduct.md  
 [charter]: https://github.com/cncf/tag-security/blob/main/governance/charter.md
-[review-outcome]: https://github.com/cncf/tag-security/tree/main/assessments#outcome
+[review-outcome]: /community/assessments#outcome
 [cncf-toc]: https://www.cncf.io/people/technical-oversight-committee/

CONTRIBUTING.md

@@ -197,7 +197,7 @@ Here are some additional sources for good content guidelines:
 [CODE-OF-CONDUCT.md]: CODE-OF-CONDUCT.md
 [help is needed]: https://github.com/cncf/tag-security/labels/help%20wanted
 [communication channels]: README.md#Communications
-[security reviews]: ./assessments/README.md
+[security reviews]: /community/assessments/README.md
 [CNCF Slack guidelines]: https://github.com/cncf/foundation/blob/main/slack-guidelines.md
 [code of conduct]: ./CODE-OF-CONDUCT.md
 [CNCF Style Guide]: https://github.com/cncf/foundation/blob/main/style-guide.md

README.md

@@ -39,7 +39,7 @@ Below is a list of publications by TAG Security. For a comprehensive collection
 | [Handling Build-time Dependency Vulnerabilities](https://github.com/cncf/tag-security/blob/main/policy/overview-policy-build-time-dependency-vulns.md) | June, 2022 |
 | [Secure Software Factory: A Reference Architecture to Securing the Software Supply Chain](https://github.com/cncf/tag-security/raw/main/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf) | May, 2022 |
 | [Secure Defaults](https://github.com/cncf/tag-security/blob/main/security-whitepaper/secure-defaults-cloud-native-8.md) | February, 2022 |
-| [Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security](https://github.com/cncf/tag-security/blob/main/assessments/Open_and_Secure.pdf) | November, 2023 |
+| [Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security](/community/assessments/Open_and_Secure.pdf) | November, 2023 |
 
 ## Governance
 
@@ -135,5 +135,5 @@ For [CNCF project proposal process](https://github.com/cncf/toc/blob/main/proces
 create a
 new [security review issue](https://github.com/cncf/tag-security/issues/new?assignees=&labels=assessment&template=security-assessment.md&title=%5BAssessment%5D+Project+Name)
 with a
-[self-assessment](./assessments/guide/self-assessment.md)
+[self-assessment](/community/assessments/guide/self-assessment.md)
 .

community/assessments/guide/README.md

@@ -66,7 +66,7 @@ feel important in an updated self-assessment based on feedback and discussion.
 
 After the presentation, the **project lead** or their designee should submit a
 PR, citing the presentation issue number to add the self-assessment to
-[assessments/projects](https://github.com/cncf/tag-security/tree/main/assessments/projects)
+[assessments/projects](/community/assessments/projects)
 under its own folder.  The ticket may then be closed after merged in.
 
 ### Growing projects

community/assessments/guide/joint-readme-template.md

@@ -27,7 +27,7 @@ _Use cases, integrations, etc. bulleted, should be available in the joint assess
 
 ## Recommendations
 
-_refer to the existing readmes for other projects, such as [SPIFFE/SPIRE](https://github.com/cncf/tag-security/tree/main/assessments/projects/spiffe-spire) as a guide for developing this area_
+_refer to the existing readmes for other projects, such as [SPIFFE/SPIRE](/community/assessments/projects/spiffe-spire) as a guide for developing this area_
 
 ### CNCF recommendations
 

community/assessments/projects/cloudevents/self-assessment.md

@@ -951,4 +951,4 @@ including more physical areas such as mechanical engineering and factories.
 * [Sample Security
   Assessment](https://github.com/Rana-KV/tag-security/blob/main/assessments/projects/karmada/self-assessment.md#threat-modeling-with-stride)
 * [Open and Secure
-  Book](https://github.com/cncf/tag-security/blob/main/assessments/Open_and_Secure.pdf)
+  Book](/community/assessments/Open_and_Secure.pdf)

community/assessments/projects/flatcar/self-assessment.md

@@ -12,7 +12,7 @@ Authors: Danielle Tal and Thilo Fromm
 
 [the Appendix](#heading=h.7dxoyq24wwg8))
 
-This self-assessment thoroughly reflects on Flatcar Container Linux’ security mechanisms and processes, and lists and assesses security documentation. The document aims to provide a foundation for a [joint security review](https://github.com/cncf/tag-security/blob/main/assessments/guide/joint-assessment.md) of the Flatcar project; target audience is [joint assessment reviewers](https://github.com/cncf/tag-security/blob/main/assessments/guide/security-reviewer.md).
+This self-assessment thoroughly reflects on Flatcar Container Linux’ security mechanisms and processes, and lists and assesses security documentation. The document aims to provide a foundation for a [joint security review](/community/assessments/guide/joint-assessment.md) of the Flatcar project; target audience is [joint assessment reviewers](/community/assessments/guide/security-reviewer.md).
 
 
 # Metadata

governance/roles.md

@@ -318,7 +318,7 @@ community [via the `#tag-security`
 channel](https://cloud-native.slack.com/archives/CDJ7MLT8S)), and issue a
 call/request for reviewers (i.e. a single security assessment lead, and at
 least two additional security reviewers), and ensuring all reviewers [read the
-conflict of interest disclosure](../assessments/guide/security-reviewer.md) and
+conflict of interest disclosure](/community/assessments/guide/security-reviewer.md) and
 sign-off on it in the GitHub ticket itself.
 
 From this point forward, the security assessment lead is the primary
@@ -435,7 +435,7 @@ Some ongoing projects may have teams where members are identified for additional
 roles and may be required to have specific expertise. For visibility, these
 additional project roles are listed below:
 
-* [Security Reviewers](../assessments/guide/security-reviewer.md)
+* [Security Reviewers](/community/assessments/guide/security-reviewer.md)
 
 ## Lead rotations
 

project-resources/README.md

@@ -3,7 +3,7 @@
 This directory is intended to provide CNCF and other open source projects with
 resources and templates to assist in kick-starting their security practices.
 The templates, guides, and other documents herein assist projects in completion
-of the [self-assessment](../assessments/guide/self-assessment.md) as well as a few
+of the [self-assessment](./community/assessments/guide/self-assessment.md) as well as a few
 items in the [CII badging](https://bestpractices.coreinfrastructure.org/en)
 process.
 

publications/README.md

@@ -13,20 +13,20 @@ This document lists all the publications and resources that TAG Security has pro
 | | **Translations** | | |
 | | | Portuguese (v1) | [Link](https://github.com/cncf/tag-security/blob/main/security-whitepaper/v1/cloud-native-security-whitepaper-brazilian-portugese.md) |
 | | | Chinese (v1) | [Link](https://github.com/cncf/tag-security/blob/main/security-whitepaper/v1/cloud-native-security-whitepaper-simplified-chinese.md) |
-| **Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security** | Guide for assessing and understanding the security of open source software projects | PDF | [Link](https://github.com/cncf/tag-security/blob/main/assessments/Open_and_Secure.pdf) |
+| **Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security** | Guide for assessing and understanding the security of open source software projects | PDF | [Link](/community/assessments/Open_and_Secure.pdf) |
 | **Policy** | | | |
 | | Formal Verification for Policy Configurations | Markdown | [Link](https://github.com/cncf/tag-security/blob/main/policy/overview-policy-formal-verification.md) |
 | | Handling build-time dependency vulnerabilities | Markdown | [Link](https://github.com/cncf/tag-security/blob/main/policy/overview-policy-build-time-dependency-vulns.md) |
 | **Secure Defaults: Cloud Native 8** | | Markdown | [Link](https://github.com/cncf/tag-security/blob/main/security-whitepaper/secure-defaults-cloud-native-8.md) |
 | **Security Assessments** | Assessments of several CNCF projects | | |
-| | Buildpacks | Markdown | [Link](https://github.com/cncf/tag-security/tree/main/assessments/projects/buildpacks) |
-| | Cloud Custodian | Markdown | [Link](https://github.com/cncf/tag-security/tree/main/assessments/projects/custodian) |
-| | Harbor | Markdown | [Link](https://github.com/cncf/tag-security/tree/main/assessments/projects/harbor) |
-| | In-toto | Markdown | [Link](https://github.com/cncf/tag-security/tree/main/assessments/projects/in-toto) |
-| | Keycloak | Markdown | [Link](https://github.com/cncf/tag-security/tree/main/assessments/projects/keycloak) |
-| | Kyverno | Markdown | [Link](https://github.com/cncf/tag-security/tree/main/assessments/projects/kyverno) |
-| | OPA | Markdown | [Link](https://github.com/cncf/tag-security/tree/main/assessments/projects/opa) |
-| | Spiffe-Spire | Markdown | [Link](https://github.com/cncf/tag-security/tree/main/assessments/projects/spiffe-spire) |
+| | Buildpacks | Markdown | [Link](/community/assessments/projects/buildpacks) |
+| | Cloud Custodian | Markdown | [Link](/community/assessments/projects/custodian) |
+| | Harbor | Markdown | [Link](/community/assessments/projects/harbor) |
+| | In-toto | Markdown | [Link](/community/assessments/projects/in-toto) |
+| | Keycloak | Markdown | [Link](/community/assessments/projects/keycloak) |
+| | Kyverno | Markdown | [Link](/community/assessments/projects/kyverno) |
+| | OPA | Markdown | [Link](/community/assessments/projects/opa) |
+| | Spiffe-Spire | Markdown | [Link](/community/assessments/projects/spiffe-spire) |
 | **Supply Chain Security** | | | |
 | | Software Supply Chain Best Practices | Markdown | [Link](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/sscsp.md) |
 | | | PDF | [Link](https://github.com/cncf/tag-security/raw/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf) |

website/Makefile

@@ -3,7 +3,6 @@ deps:
 
 	# Move select content from the root level into the website directory.
 	rsync -avv ../ root/ \
-	--include='assessments' --include='assessments/**' \
 	--include='governance' --include='governance/**' \
 	--include='publications' --include='publications/**' \
 	--include='community' --include='community/**' \