Comments (37)
I'm thinking we should consider a static site generator like Hugo -- then we can keep meta-data in machine readable front-matter (though we could publish markdown as interim step, since I read that github now displays yaml front-matter)
from tag-security.
I'll help you, will build a first alpha prototype that we can use to discuss the information, content and appearance. ;-)
from tag-security.
@petermbenjamin added to TODO list -- need to follow-up with Amye to get an intro to the CNCF person who can answer whether there are any preferences on their side for URLs or visual styling.
I did nab cloud-native-security.info
a while ago (before we started the CNCF WG / SIG process) and happy to donate that if people like it and we want / need our own domain. Though I do like security.cncf.io
which seems more concise and readable.
from tag-security.
@mhausenblas will kick off an email thread to find the right person to coordinate with and cc you. It would be great if you could track that thread and update here as we learn answers
from tag-security.
hey @lucperkins from the CNCF can sketch out a simple hugo+netlify site
we can do something like sig-security.cncf.io
from tag-security.
@mhausenblas I've updated the site in progress with the desired front page content as well as a search bar: https://sig-security.netlify.com/.
I've left the previous documents in place largely to demonstrate the search functionality. They'll be removed later.
from tag-security.
@ultrasaurus I can help on the curation. Here is a first draft of the content that I think we can cover @vicenteherrera that's some good work already, thanks. Please let me know your thoughts as well, and how we could articulate this in the site you are building. `
Who we are
Our Charter - https://github.com/cncf/tag-security/blob/main/governance/charter.md#sig-security-charter
History
- TAG-Security - renamed STAG (TOC Issue 549)
- SAFE WG - renamed to CNCF Security TAG
- (Proposed) CNCF Policy Working Group - Merged into SAFE WG
Our brand - https://github.com/cncf/tag-security/tree/main/design
Our team
- Chairs
- Tech Leads
- Contributors
What we've done
Repository - https://github.com/cncf/tag-security
Papers
Cloud Native 8 - https://github.com/cncf/tag-security/blob/main/security-whitepaper/secure-defaults-cloud-native-8.md
Cloud Native Security Whitepaper
Supply chain Security Whitepaper - https://github.com/cncf/tag-security/tree/main/supply-chain-security/supply-chain-security-paper
Secure Software Factory Whitepaper - https://github.com/cncf/tag-security/tree/main/supply-chain-security/secure-software-factory
Cloud Native Security Controls Catalog - https://github.com/cncf/tag-security/blob/main/cloud-native-controls/phase-one-announcement.md
Cloud Native Security Map - https://github.com/cncf/tag-security/tree/main/security-whitepaper/cnsmap
Cloud Native Security Lexicon - https://github.com/cncf/tag-security/tree/main/security-lexicon
Presentations
Security assessments
- Buildpacks - https://github.com/cncf/tag-security/tree/main/assessments/projects/buildpacks
- Cloud Custodian - https://github.com/cncf/tag-security/tree/main/assessments/projects/custodian
- Harbor - https://github.com/cncf/tag-security/tree/main/assessments/projects/harbor
- In-toto - https://github.com/cncf/tag-security/tree/main/assessments/projects/in-toto
- Keycloak - https://github.com/cncf/tag-security/tree/main/assessments/projects/keycloak
- Kyverno - https://github.com/cncf/tag-security/tree/main/assessments/projects/kyverno
- OPA - https://github.com/cncf/tag-security/tree/main/assessments/projects/opa
- Spiffe-Spire - https://github.com/cncf/tag-security/tree/main/assessments/projects/spiffe-spire
Policy - https://github.com/cncf/tag-security/tree/main/policy
Events - https://github.com/cncf/tag-security/blob/main/cloud_native_security.md
How do we do this
STAG charter outlines the scope of our group activities, as part of our governance process which details how we work.
Top 5 things we are working on
- SecurityCon at KubeCon+CloudNativeCon NA 2022 - SecurityCon at KubeCon+CloudNativeCon NA 2022 #939
- Cloud Native Security Controls Catalog v2 - Cloud Native Security Controls Mapping to NIST ( Phase II for #635) #845
- Serverless Security Whitepaper - Serverless Security White Paper - Cloud Native Security Best Practices #546
- Cloud Native Security Map v2 - [Proposal] CNCF Cloud Native Security Map - v2 #737
- Cloud Native Security Whitepaper - Audio project - Audio recordings of CNCF Security Papers #606
How to get involved
Contributors
Slack channel
- Hangout in the CNCF Slack
- Our channel is #tag-security
Mailing list
- Join our mailing list at CNCF Lists TAG-Security
- Join the Mailing List to receive the calendar meeting invite.
Meeting calendar
- CNCF Event Calendar
- We meet every Wednesday at 10 am PT| 1 pm ET| 6 pm GMT
Zoom
- Join our call live on Zoom
- cncftagsecurity passcode: 77777
YouTube channel
- Missed a meeting?
- No drama - catch up from a recording!
Contact us
- Chairs - [email protected]
- Chairs & Tech Leads - [email protected]
Security assessments
Guide - https://github.com/cncf/tag-security/tree/main/assessments/guide
Contact us
- Chairs - [email protected]
- Chairs & Tech Leads - [email protected]`
Related issues
- [Suggestion] Improve new member experience, allow easier involvement/induction #666
- [Proposal] "landing page" for new visitors #826
Potentially related issues
@vicenteherrera, please share if there is any update.
Some of the planned content is now available within the TAG repository:
- Who we are, what do we do, and how do we do them? - https://github.com/cncf/tag-security/#readme
- Published whitepapers, reference architecture and resources are available at https://github.com/cncf/tag-security/blob/main/PUBLICATIONS.md
- Resources for projects - https://github.com/cncf/tag-security/tree/main/project-resources
from tag-security.
here are some ideas of data representations for the presentations: https://github.com/ultrasaurus/safe/tree/presentation-page-format/presentations
from tag-security.
I like the idea of having a directory structure that is indicative of the type of meeting transcripts that are included in that dir. Maybe each dir could have its own README with an index of the file inside? Or we could use a static site generator.
from tag-security.
@ultrasaurus count me in. I've done a couple of sites with GitHub/Hugo combo already, the main question is where to host it. I usually use Amplify but I acknowledged the fact that Netlify is more popular (and arguably I'm biased re the former ;)
from tag-security.
Have we determined if this micro-site going to live as a subdomain on cncf.io or on its own domain?
from tag-security.
@ultrasaurus would you mind stating if you take care of it or want me to do it?
from tag-security.
Thanks, @ultrasaurus … yo @lucperkins can we sync regarding the micro-site, this week, please? My current understanding is that you'd be looking after infra (Hugo, hosting, etc.) and I more after the content? I suppose a quick (20min) meeting to resolve it would be ideal?
from tag-security.
Status update: I'm working on something that's publicly available at https://sig-security.netlify.com. I'm building that from my personal fork of this repo: https://github.com/lucperkins/sig-security/tree/lperkins/website. It's definitely a WIP but I think a decent skeleton for iteration.
If it would be beneficial, I can submit a PR and we can discuss/collaborate there.
from tag-security.
@lucperkins: today @ultrasaurus and I sat together and developed a battle plan. Here's what we decided:
- We continue to use your fork, please use #195 as the landing page content
- Please add a client-side site search functionality
- I will work on the presentation details content in my own fork, based on Sarah's templates
We can discuss details or open questions on the sig-security-web
channel.
from tag-security.
Awesome, thank you @lucperkins!
from tag-security.
Sorry for the long silence. Week after next (re:Invent) I'm back on track and wanted to see where we are with this issue and where/how I can contribute @ultrasaurus
from tag-security.
interested :)
from tag-security.
@vinayvenkat tagging you here for awareness/interest
we'll need to define an editorial team to curate content, field content. this applies to the microblog #451 issue as well - at least to get started.
@pragashj mentioned a potential subdomain upcoming? security.cncf.io ? need POC to confirm and help figure this out.
from tag-security.
Happy to help with this.
from tag-security.
Yep, seems like a great idea for discoverability and lots of stated points.
from tag-security.
I would like to see if we can create some alignment with the work around #551 , I think there could be possibly be a part of the same site as the CNSmap, https://cnsmap.vercel.app/
So maybe we could have Cloud Native Security Map be one section and have "Presentations" or other subsections in which everyone can contribute to. The current templating we have for the CNSmap is based on markdown, so technically we could work it in a way to reflect content of the repo well.
from tag-security.
Updating the issue comment for freshness of issue state
from tag-security.
This issue has been automatically marked as inactive because it has not had recent activity.
from tag-security.
The plan is to have the CNSMap site evolve to become the microsite. The next usecase to expand on would be the Cloud native security lexicon #735 .
from tag-security.
This issue has been automatically marked as inactive because it has not had recent activity.
from tag-security.
K8s SIGs have something similar as a service for sub-projects: https://github.com/kubernetes/community/blob/master/github-management/subproject-site-requests.md
from tag-security.
Following up on a discussion w/ @lumjjb on this ticket: I've helped a few friends + colleagues use ReadTheDocs/sphinx/rST
for sites. Works quite nicely for developer-driven documents, easy to setup a build + publish pipeline in Concourse and/or GitHub Actions. Also supports citations, cross-referencing, "code as documentation", etc.
Examples:
- https://iaxes.github.io/pronk8s/sections/build_patterns.html
- https://fd.io/docs/vpp/v2101/reference/readthedocs/index.html
I'd be able to throw together a demo pretty quickly, if there's interest.
from tag-security.
There were plenty of people willing to do the technical work, include CNCF staff who are available to help. What this project has always lacked is someone who is willing to curate content and, as needed, write/edit overview text for sections of the site.
from tag-security.
@ultrasaurus I can help on the curation.
Here is a first draft of the content that I think we can cover
@vicenteherrera that's some good work already, thanks. Please let me know your thoughts as well, and how we could articulate this in the site you are building.
`
Who we are
-
Our Charter - https://github.com/cncf/tag-security/blob/main/governance/charter.md#sig-security-charter
-
History
- TAG-Security - renamed STAG (TOC Issue 549)
- SAFE WG - renamed to CNCF Security TAG
- (Proposed) CNCF Policy Working Group - Merged into SAFE WG
-
Our brand - https://github.com/cncf/tag-security/tree/main/design
-
Our team
- Chairs
- Tech Leads
- Contributors
What we've done
-
Repository - https://github.com/cncf/tag-security
-
Papers
- Cloud Native 8 - https://github.com/cncf/tag-security/blob/main/security-whitepaper/secure-defaults-cloud-native-8.md
- Cloud Native Security Whitepaper
- Supply chain Security Whitepaper - https://github.com/cncf/tag-security/tree/main/supply-chain-security/supply-chain-security-paper
- Secure Software Factory Whitepaper - https://github.com/cncf/tag-security/tree/main/supply-chain-security/secure-software-factory
- Cloud Native Security Controls Catalog - https://github.com/cncf/tag-security/blob/main/cloud-native-controls/phase-one-announcement.md
- Cloud Native Security Map - https://github.com/cncf/tag-security/tree/main/security-whitepaper/cnsmap
- Cloud Native Security Lexicon - https://github.com/cncf/tag-security/tree/main/security-lexicon
-
Presentations
-
Security assessments
- Buildpacks - https://github.com/cncf/tag-security/tree/main/assessments/projects/buildpacks
- Cloud Custodian - https://github.com/cncf/tag-security/tree/main/assessments/projects/custodian
- Harbor - https://github.com/cncf/tag-security/tree/main/assessments/projects/harbor
- In-toto - https://github.com/cncf/tag-security/tree/main/assessments/projects/in-toto
- Keycloak - https://github.com/cncf/tag-security/tree/main/assessments/projects/keycloak
- Kyverno - https://github.com/cncf/tag-security/tree/main/assessments/projects/kyverno
- OPA - https://github.com/cncf/tag-security/tree/main/assessments/projects/opa
- Spiffe-Spire - https://github.com/cncf/tag-security/tree/main/assessments/projects/spiffe-spire
-
Policy - https://github.com/cncf/tag-security/tree/main/policy
-
Events - https://github.com/cncf/tag-security/blob/main/cloud_native_security.md
How do we do this
STAG charter outlines the scope of our group activities, as part of our governance process which details how we work.
Top 5 things we are working on
- SecurityCon at KubeCon+CloudNativeCon NA 2022 - #939
- Cloud Native Security Controls Catalog v2 - #845
- Serverless Security Whitepaper - #546
- Cloud Native Security Map v2 - #737
- Cloud Native Security Whitepaper - Audio project - #606
How to get involved
-
Contributors
-
Slack channel
- Hangout in the CNCF Slack
- Our channel is #tag-security
-
Mailing list
- Join our mailing list at CNCF Lists TAG-Security
- Join the Mailing List to receive the calendar meeting invite.
-
Meeting calendar
- CNCF Event Calendar
- We meet every Wednesday at 10 am PT| 1 pm ET| 6 pm GMT
-
Zoom
- Join our call live on Zoom
- cncftagsecurity passcode: 77777
-
YouTube channel
- Missed a meeting?
- No drama - catch up from a recording!
-
Contact us
- Chairs - [email protected]
- Chairs & Tech Leads - [email protected]
-
-
Security assessments
- Guide - https://github.com/cncf/tag-security/tree/main/assessments/guide
- Contact us
- Chairs - [email protected]
- Chairs & Tech Leads - [email protected]`
Related issues
Potentially related issues
from tag-security.
Thanks for the proposed structure, I'll try to incorporate that to my test!
I've been preparing a test website, you can see it at: https://vicenteherrera.com/stag-web/
Code lives at the repo here: https://github.com/vicenteherrera/stag-web
Some interesting characteristics about it for this group:
- Based on Jekyll (an open source ruby tool) and an open source theme
- It generates a static website (plain HTML), that can be hosted on GitHub pages (as it shows in the test repo here), so less vulnerabilities to deal with, very quick rendering, and using GitHub as a free host (you can even associate your own domain to GitHub pages as I did).
- Editing content is easy even if you don't know about web development using just markdown files like this one (that generates this url) Even blog posts are just markdown files.
- When somebody wants to propose a change, he/she can open a PR that can be commented and accepted. You can render and browse a local version on your computer to check modifications.
- The theme is quite clean and nice, it includes possibility of two menu navigation levels (horizontal and vertical) that gives flexibility to incorporate a lot of static pages not associated specifically to blog posts, as well as many other options.
I plan to work putting @ragashreeshekar shared content into this test, and when it's more mature, we can discuss the best way to really publish it and manage it.
from tag-security.
this is great to see! Thought I would chime in with some historical notes, in case it's helpful..
When we were looking at this long ago, we were thinking of having it be a view of the main repo (with slight changes to structure if needed), so that new content would also appear in the repo itself. It has been a long time since I used Jekyll, but I think most static site generators have flexibility to pull templates from a sub-directory and markdown content from multiple directories. Just a thought. Happy to talk sometime 1-1 or small group if helpful (just reach out on Slack)
from tag-security.
@ultrasaurus Thanks, @vicenteherrera, and I will surely get connected to you.
Hope the initial approach is ok, and we will reach out with some progress. Pls let us know your thoughts
from tag-security.
@ultrasaurus You are right. There are several options for a GitHub page: root folder, specific folder, different branch, and of course, different repository.
I believe same repository and using a specific directory (like "website") may be the better approach. That way you have the website content version linked to the rest of the content of the repository very easily, and the same review process to accept a PR should be in place.
In my case, right now I just want to build a proof of concept, where I can experiment without tainting the original repo with branches, and a lot of false start commits. Right now I've tested already three different themes (from which I forked their own repositories), and I think I will transition from having all the files of the theme in the repo, to just reference it for a cleaner directory, so people that doesn't know Jekyll a lot don't have to filter those out to get to the relevant ones.
But I think this theme is useful for us, and with @ragashreeshekar proposed structure it won't take long until we have a POC that we can use to discuss the final content and move to the main repository.
from tag-security.
This issue has been automatically marked as inactive because it has not had recent activity.
from tag-security.
This issue has been automatically marked as inactive because it has not had recent activity.
from tag-security.
Closing now that we have https://tag-security.cncf.io/. To further the discussion on refinement and maintenance of the site, feel free to file issues against the site repository directly.
from tag-security.
Related Issues (20)
- [Security Self-Assessment] Antrea HOT 1
- [Security Self-Assessment] Jaeger
- Do we want feedback buttons on pages of the site? HOT 1
- [Presentation] Auto VEX generation for projects with Kubescape Operator HOT 3
- Supply Chain Security Policy Writeup HOT 5
- vSphere CSI Driver Overview
- [Security Review] Compliance TAG process and artifacts progress HOT 3
- Compliance Working Group in TAG Security HOT 12
- Automated Governance Reference Architecture HOT 28
- [Presentation] OpenCRE.org and CNCF, standard harmonization usecases for the modern cloud HOT 3
- Software Supply Chain Best Practices v2 HOT 4
- GH actions are always failing to Git safe directory error, but returning success
- [Proposal] Implementation Initiatives WG HOT 5
- Conference Talk Proposal HOT 1
- List of Conference Talks to submit CFP HOT 1
- CloudNativeSecurityCon 2024
- Security Hub KubeCon EU 2024 HOT 1
- [Suggestion] CNCF Compliance WG HOT 1
- [TSSA] OpenFGA HOT 24
- [Presentation] Ratify project introduction and demo for CNCF Sandbox application HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tag-security.