SELF_ASSESSMENT.md: 2 additions & 4 deletions
@@ -35,7 +35,7 @@ This document evaluates the security posture of the Open Cluster Management (OCM
35
35
| Security Provider? | No. OCM is designed to enable end-to-end visibility and control across multiple Kubernetes clusters. Security is not the primary objective.|
36
36
| Languages | Go, Shell, Python, Makefile, Dockerfile |
37
37
| Software Bill of Materials |[FOSSA Scan](https://app.fossa.com/projects/git%2Bgithub.com%2Fopen-cluster-management-io%2Focm/refs/branch/main/c05247840ad6e69cad82f7d42e2217b953181dff/preview)|
38
-
| Security Links |[Security Report](https://open-cluster-management.io/docs/security/)<br>Creation of a security-insights.yml is planned and will be addressed in upcoming releases.|
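Review bot: the replacement for the removed "Security Links" row is not visible in this rendering, although the hunk header (-35,7 +35,7) shows the table keeps the same line count, so the row was rewritten rather than dropped. Please confirm the new row still links to the security page and either keeps the note that a security-insights.yml is planned or states that it now exists; the removed row was the only place in the table that recorded that plan.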
@@ -205,8 +205,6 @@ The OCM security policy is maintained in the website [Security page](https://ope
205
205
206
206
The OCM project accepts vulnerability reports through the email [[email protected]](mailto:[email protected]), a maintainer will collaborate directly with the reporter through the email or Slack direct message until it is resolved.
207
207
208
-
TODO: Consider [enabling the GitHub private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability).
209
-
210
208
### Incident Response
211
209
212
210
In the event that a vulnerability is reported, the maintainer team will collaborate to determine the validity and criticality of the report. Based on these findings, the fix will be triaged and the maintainer team will work to issue a patch in a timely manner.
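Review bot: deleting the "TODO: Consider enabling the GitHub private vulnerability reporting" line leaves the self-assessment silent on whether a private reporting channel other than email exists. If private vulnerability reporting has been enabled, say so in the reporting paragraph above (for example, "Reports may also be filed through GitHub private vulnerability reporting"); if the decision was to rely on email only, record that decision so readers do not assume the item was simply lost.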
@@ -220,7 +218,7 @@ Patches will be made to the most recent three minor releases. Information will b
220
218
- OpenSSF Best Practices
221
219
- OCM has attained the Open Source Security Foundation(OpenSSF) Best Practices Badge, refer to https://bestpractices.coreinfrastructure.org/projects/5376.
222
220
- Case Studies
223
-
- All apoters can be found at [adopters-list](https://github.com/open-cluster-management-io/ocm/blob/main/ADOPTERS.md).
221
+
- All adopters can be found at [adopters-list](https://github.com/open-cluster-management-io/ocm/blob/main/ADOPTERS.md).
224
222
- TODO: Add 2 examples
225
223
- Related Projects / Vendors
226
224
-**Karmada**: [Karmada](https://karmada.io/) (Kubernetes Armada) is a Kubernetes management system that can manage cloud-native applications across multiple Kubernetes clusters and clouds, with no changes to the applications.
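Review bot: the "apoters" to "adopters" correction is right, but the surrounding "Case Studies" bullet still carries "TODO: Add 2 examples", so the section remains a placeholder after this change. As a follow-up in the same area, the context line "Open Source Security Foundation(OpenSSF)" is missing a space before the parenthesis.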