Merge branch 'main' into main

cncf · Aug 27, 2024 · 80ab040 · 80ab040
2 parents 388a9ef + 1b652b1
commit 80ab040
Show file tree

Hide file tree

Showing 294 changed files with 3,340 additions and 1,423 deletions.
diff --git a/.github/ISSUE_TEMPLATE/blog-submission.md b/.github/ISSUE_TEMPLATE/blog-submission.md
@@ -0,0 +1,18 @@
+---
+name: Blog Submission
+about: Propose and author a blog article for publication on the tag-security.cncf.io website
+title: "[Blog] some descriptive title"
+labels: "blog, triage-required"
+assignees: ''
+
+---
+
+Description: What's your idea?
+
+Impact: What is the purpose of this blog post? 
+
+Sponsor: If applicable mention a related issue or the related working group this blog originates from.
+
+Additional info:
+- Reference to supporting material
+- Links to related site
diff --git a/.github/ISSUE_TEMPLATE/joint-review.md b/.github/ISSUE_TEMPLATE/joint-review.md
@@ -23,10 +23,10 @@ Security Provider: yes/no (e.g. Is the primary function of the project to suppor
   - [ ] Project security lead
   - [ ] Lead security reviewer
   - [ ] 1 or more additional reviewer(s)
-  - [ ] Every reviewer has read [security reviewer guidelines](https://github.com/cncf/tag-security/blob/main/assessments/guide/security-reviewer.md) and stated declaration of conflict
+  - [ ] Every reviewer has read [security reviewer guidelines](/community/assessments/guide/joint-assessment.md) and stated declaration of conflict
   - [ ] Sign off by facilitator on reviewer conflicts
 - [ ] Create slack channel (e.g. #sec-assess-projectname)
-- [ ] Project lead provides draft document - see [outline](https://github.com/cncf/tag-security/blob/main/assessments/guide/joint-review.md)
+- [ ] Project lead provides draft document - see [outline](/community/assessments/guide/joint-assessment.md)
 - [ ] "Naive question phase" Lead Security Reviewer asks clarifying questions
 - [ ] Assign issue to security reviewers
 - [ ] Initial review

diff --git a/.github/ISSUE_TEMPLATE/presentation.md b/.github/ISSUE_TEMPLATE/presentation.md
@@ -20,3 +20,4 @@ TO DO
 - [ ] TAG Representative
 - [ ] Schedule date
 - [ ] By opening this issue, I, (Insert Github Handle/Name) acknowledge that the presentation topic and speaker will follow the [presentation guidelines](../CONTRIBUTING.md#present-to-the-tag)
+- [ ] If this is a presentation for a project moving levels, the TAG Representative should complete the [Moving Levels Recommendation](../project-resources/moving-levels-review-template.md)
diff --git a/.github/auto_request_review.yml b/.github/auto_request_review.yml
@@ -19,7 +19,6 @@ reviewers:
       - JustinCappos
       - achetal01
       - ashutosh-narkar
-      - anvega
       - PushkarJ
       - mnm678
       - mlieberman85

diff --git a/.github/workflows/sig-sec-check.yml b/.github/workflows/sig-sec-check.yml
@@ -11,27 +11,27 @@ jobs:
   Setup:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Setup
         run: make setup
   Lint:
     runs-on: ubuntu-latest
     needs: Setup
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Lint
         run: make lint
   Spelling:
     runs-on: ubuntu-latest
     needs: Setup
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Spelling
         run: make spelling
   Links:
     runs-on: ubuntu-latest
     needs: Setup
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Links
         run: make links
diff --git a/CODE-OF-CONDUCT.md b/CODE-OF-CONDUCT.md
@@ -120,5 +120,5 @@ The above guidelines are inspired by and borrowed from other communities:
 
 [cncf-coc]: https://github.com/cncf/foundation/blob/master/code-of-conduct.md  
 [charter]: https://github.com/cncf/tag-security/blob/main/governance/charter.md
-[review-outcome]: https://github.com/cncf/tag-security/tree/main/assessments#outcome
+[review-outcome]: /community/assessments#outcome
 [cncf-toc]: https://www.cncf.io/people/technical-oversight-committee/
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -197,7 +197,7 @@ Here are some additional sources for good content guidelines:
 [CODE-OF-CONDUCT.md]: CODE-OF-CONDUCT.md
 [help is needed]: https://github.com/cncf/tag-security/labels/help%20wanted
 [communication channels]: README.md#Communications
-[security reviews]: ./assessments/README.md
+[security reviews]: /community/assessments/README.md
 [CNCF Slack guidelines]: https://github.com/cncf/foundation/blob/main/slack-guidelines.md
 [code of conduct]: ./CODE-OF-CONDUCT.md
 [CNCF Style Guide]: https://github.com/cncf/foundation/blob/main/style-guide.md

diff --git a/LICENSE-code b/LICENSE-code