Containerd Project Security Self-Assessment - Security Pals #1202
✅ Deploy Preview for tag-security ready!
Hi there! I'm just starting to take a look at this, and I noticed that your pull request name isn't very descriptive. If you take a look at the Pull Requests page, you'll see that the pile can be a lot easier to navigate if we all use descriptive titles. That'll help reviewers move more quickly, and also it's a great practice to follow when you're doing future work on platforms like GitHub/GitLab/Bitbucket/etc. Instead of
Containerd/self-assessment.md
Outdated
The Self-assessment is the initial document for projects to begin thinking about the
security of the project, determining gaps in their security, and preparing any security
documentation for their users. This document is ideal for projects currently in the
CNCF **sandbox** as well as projects that are looking to receive a joint assessment and
currently in CNCF **incubation**.

For a detailed guide with step-by-step discussion and examples, check out the free
Express Learning course provided by Linux Foundation Training & Certification:
[Security Assessments for Open Source Projects](https://training.linuxfoundation.org/express-learning/security-self-assessments-for-open-source-projects-lfel1005/).

# Self-assessment outline
Please go back to ensure that no template text like this is included here or in the rest of the document
Containerd/self-assessment.md
Outdated
@@ -0,0 +1,350 @@ | |||
# Self-assessment |
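Review bot: The only content in this hunk, the top-level heading `# Self-assessment`, does not name the project; since this file sits under Containerd/ next to other assessments in the repository, change it to `# Containerd Self-assessment` so the document identifies itself when indexed or linked.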
# Self-assessment
# Containerd Self-assessment
It appears that something got wonky with the commit history here. Same with the _index.md
file linked below. Please check your history and clean it up accordingly.
bc4388e to 27c8e8a
Thanks for the PR @SassyQuatch47 and team, appreciate the efforts.
I have completed a first pass of review and left a few comments on sections that need your attention. Please feel free to reach out here or on Slack for any questions and clarifications.
Role: Leverage containerd for deploying, managing, and orchestrating containerized applications.
Interaction: Engage with containerd through various interfaces and tools, contributing to the widespread adoption and integration of containerized solutions.

### Actions
This section talks about the various functions/benefits of this project; however, it is meant to showcase the individual parts of your system that interact to provide the desired functionality.
Ref: https://github.com/cncf/tag-security/blob/main/assessments/guide/self-assessment.md#actors
Please update this section to include the right actors.
Containerd/self-assessment.md
Outdated

## Self-assessment use

This self-assessment is created by the Containerd team to perform an internal analysis of the project's security. It is not intended to provide a security audit of Containerd, or function as an independent assessment or attestation of Containerd's security health.
Can you please specify at the top which member of the maintainer team acted as an author on this? (Or otherwise rephrase)

https://azure.microsoft.com/en-us/updates/generally-available-containerd-support-for-windows-in-aks/

* Related Projects / Vendors:
Please elaborate on how these projects/vendors relate to this project, and what the key differences between them are.
…f#1118) Bumps [postcss](https://github.com/postcss/postcss) to 8.4.31 and updates ancestor dependency [autoprefixer](https://github.com/postcss/autoprefixer). These dependencies need to be updated together. Updates `postcss` from 7.0.39 to 8.4.31 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.31) Updates `autoprefixer` from 9.5.0 to 10.4.16 - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@9.5.0...10.4.16) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect - dependency-name: autoprefixer dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Nate-Smithline <nathan_m_smith@outlook.com>
Signed-off-by: Nate-Smithline <nathan_m_smith@outlook.com>
Signed-off-by: Nate-Smithline <nathan_m_smith@outlook.com> Co-authored-by: Vivek Radhakrishnan <vrk3366@nyu.edu> Co-authored-by: Swati Baleri <sb9156@nyu.edu> Co-authored-by: Sunny Li <sl9052@nyu.edu> Signed-off-by: Nate-Smithline <nathan_m_smith@outlook.com>
Signed-off-by: nomnomninja <150766910+nomnomninja@users.noreply.github.com> Signed-off-by: Nate-Smithline <nathan_m_smith@outlook.com>
Signed-off-by: Nate-Smithline <nathan_m_smith@outlook.com>
Signed-off-by: Sunny Li <100388296+sunnnnyli@users.noreply.github.com>
Containerd/self-assessment.md
Outdated
The Self-assessment is the initial document for projects to begin thinking about the
security of the project, determining gaps in their security, and preparing any security
documentation for their users. This document is ideal for projects currently in the
CNCF **sandbox** as well as projects that are looking to receive a joint assessment and
currently in CNCF **incubation**.

# Self-assessment outline
This is superfluous; see this example for what to remove
The Self-assessment is the initial document for projects to begin thinking about the
security of the project, determining gaps in their security, and preparing any security
documentation for their users. This document is ideal for projects currently in the
CNCF **sandbox** as well as projects that are looking to receive a joint assessment and
currently in CNCF **incubation**.
# Self-assessment outline
Containerd/self-assessment.md
Outdated

## Metadata

A table at the top for quick reference information, later used for indexing.
A table at the top for quick reference information, later used for indexing.
Containerd/self-assessment.md
Outdated
Provide the list of links to existing security documentation for the project. You may
use the table below as an example:
Provide the list of links to existing security documentation for the project. You may
use the table below as an example:
Containerd/self-assessment.md
Outdated

## Overview

Containerd is a Cloud Native Computing Foundation (CNCF) Project focused on providing the core functionalities for container orchestration. Specifically architected to focus on modularity and compatibility, this provides a secure and minimal approach making it a great option for integrating into different container systems.
Containerd is a Cloud Native Computing Foundation (CNCF) Project focused on providing the core functionalities for container orchestration. Specifically architected to focus on modularity and compatibility, this provides a secure and minimal approach making it a great option for integrating into different container systems.
Containerd is a container runtime focused on providing the core functionalities for managing container lifecycles. Specifically architected to focus on modularity and compatibility, it provides a secure and minimal approach making it a great option for integrating into different container orchestrators.
Containerd/self-assessment.md
Outdated

Containerd, a fundamental tool in the realm of containerization, provides a dependable and standardized approach to managing containers. It is a lightweight yet powerful container runtime, ensuring a consistent and efficient experience.

Originally developed by Docker, Inc. as an integral part of the Docker project, Containerd has evolved with the dynamic container ecosystem. Docker's decision to separate container runtime functionality led to Containerd, an independent project dedicated to container management.
Originally developed by Docker, Inc. as an integral part of the Docker project, Containerd has evolved with the dynamic container ecosystem. Docker's decision to separate container runtime functionality led to Containerd, an independent project dedicated to container management.
Originally developed by Docker, Inc. as an integral part of the Docker project, containerd has evolved with the dynamic container ecosystem. Docker's decision to separate container runtime functionality from the runc project led to containerd, an independent project dedicated to container management.
Containerd/self-assessment.md
Outdated

**- Compatibility:**

Aligned with the Open Container Initiative (OCI) specifications, Containerd ensures compatibility with other runtimes and tools adhering to the OCI standard. This compatibility facilitates easy transitions between container runtimes supporting OCI.
Aligned with the Open Container Initiative (OCI) specifications, Containerd ensures compatibility with other runtimes and tools adhering to the OCI standard. This compatibility facilitates easy transitions between container runtimes supporting OCI.
Aligned with the Open Container Initiative (OCI) specifications, containerd ensures compatibility with other runtimes and tools adhering to the OCI standard. This compatibility facilitates easy transitions between container runtimes supporting OCI.
Ensure the correct name containerd is used everywhere that it's not starting a sentence. See https://www.docker.com/blog/what-is-containerd-runtime/ for an example
Containerd/self-assessment.md
Outdated

**- Containerd Core:**

Role: Serves as the core orchestration engine, managing the complete lifecycle of containers.
Role: Serves as the core orchestration engine, managing the complete lifecycle of containers.
Role: The core container orchestration engine, managing the complete container lifecycle.
Containerd/self-assessment.md
Outdated

**- Image Registries:**

Role: Acts as repositories for container images, collaborating with containerd in tasks such as image pulling, pushing, and managing metadata.
Role: Acts as repositories for container images, collaborating with containerd in tasks such as image pulling, pushing, and managing metadata.
Role: Repositories for container images, providing storage and retrieval for containerd in tasks such as image pulling, pushing, and metadata management.
Containerd/self-assessment.md
Outdated

## Self-assessment use

This self-assessment was authored by Swati Baleri, Vivek Radhakrishnan, Swati Baleri, Sunny Li, and Nathan Smith with a format established by the Containerd maintainers. The purpose of this document is to perform an internal analysis of the project's security. It is not intended to provide a security audit of Containerd, or function as an independent assessment or attestation of Containerd's security health.
This self-assessment was authored by Swati Baleri, Vivek Radhakrishnan, Swati Baleri, Sunny Li, and Nathan Smith with a format established by the Containerd maintainers. The purpose of this document is to perform an internal analysis of the project's security. It is not intended to provide a security audit of Containerd, or function as an independent assessment or attestation of Containerd's security health.
This self-assessment was authored by Swati Baleri, Vivek Radhakrishnan, Sunny Li, and Nathan Smith with a format established by the Containerd maintainers. The purpose of this document is to perform an internal analysis of the project's security. It is not intended to provide a security audit of Containerd, or function as an independent assessment or attestation of Containerd's security health.
Signed-off-by: Nate-Smithline <nathan_m_smith@outlook.com>
Signed-off-by: Nate-Smithline <nathan_m_smith@outlook.com>
Containerd/self-assessment.md
Outdated
# Containerd Self-assessment

## Table of contents
# Containerd Self-assessment
## Table of contents
# Containerd Self-assessment
This assessment was created by community members as part of the [Security Pals](https://github.com/cncf/tag-security/issues/1102) process and is currently pending changes from the maintainer team.
## Table of contents
Containerd/self-assessment.md
Outdated
| | |
| -- | -- |
| Software | [containerd](https://github.com/containerd/containerd) |
| Security Provider | No |
| Languages | Go, C++ |
| SBOM | [Packages](https://github.com/containerd/containerd/tree/main/pkg) [Versions](https://github.com/containerd/containerd/tree/main/version) |
| | |
| | |
| -- | -- |
| Software | [containerd](https://github.com/containerd/containerd) |
| Security Provider | No |
| Languages | Go, C++ |
| SBOM | [Packages](https://github.com/containerd/containerd/tree/main/pkg) [Versions](https://github.com/containerd/containerd/tree/main/version) |
| | |

| | |
| -- | -- |
| Assessment Stage | Incomplete |
| Software | [containerd](https://github.com/containerd/containerd) |
| Security Provider | No |
| Languages | Go, C++ |
| SBOM | [Packages](https://github.com/containerd/containerd/tree/main/pkg) [Versions](https://github.com/containerd/containerd/tree/main/version) |
| | |
Co-authored-by: torinvdb <65670557+torinvdb@users.noreply.github.com> Signed-off-by: Raga <ragashreeshekar@gmail.com>
Co-authored-by: torinvdb <65670557+torinvdb@users.noreply.github.com> Signed-off-by: Raga <ragashreeshekar@gmail.com>
@SassyQuatch47 Kindly address the pending suggestions. We (maintainers) do not have the permissions to update the PR hence we look forward to your updates. In the event it is not feasible, feel free to extend the permissions to us and we are happy to make the updates on your behalf. Thanks!
Hi @ragashreeshekar, I apologize for the delay. We have given you permissions to update this PR. If any further issues come up, do let us know and we'd be happy to help!
Containerd Project Self-Assessment
Nathan Smith
Sunny Li
Swati Baleri
Vivek Radhakrishnan
Created and added first draft for OpenMetrics Project Security Self-Assessment.
Please feel free to share your feedback on the security self-assessment.