CNCF maintains a website that checks for various compliance things. One of the sections is Security. Vitess scores quite poorly on this because we are missing quite a few things in their list. You can see the current scorecards at https://clomonitor.io/projects/cncf/vitess. We would like to improve the score on the Security section, and improve our security posture along the way.
Breakdown of tasks
Dependency policy
Software Bill of Materials (SBOM)
Security insights
Signed releases
Expected outcomes
Complete a majority of the tasks listed in this issue. It is expected that SBOM will be the most intensive part of the project.
Recommended Skills
GitHub Actions
Docker
Ability to learn quickly
Written communication skills
Familiarity with SBOM and/or SPDX is a plus