Audit and align governance, contribution, and security docs with CNCF guidelines #5363
Assignees
Labels
help wanted
Features that maintainers are willing to accept but do not have cycles to implement
Comments
yurishkuro
added
the
help wanted
|
I will take a look at this one. I will compare the guidelines and try to normalize the DEVELOP, CONTRIBUTING, GUIDELINES and the website https://www.jaegertracing.io/get-involved/. |
|
Security scanning fix : #5364 Jaeger doesn't have and likely doesn't need elections or subproject governance. Open question, do we want to improve the OpenSSF score? https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger It would mean implementing Fuzzing, fixing permissions on tokens minimally. |
+1 to fix tokens. Fuzzing is a pretty specialized domain, I don't have any expertise in it. It's not that I mind having fuzzing tests, but I am not particularly eager to invest time and I cannot really guide anyone if we make it a help-wanted issue.. |
jkowall
added a commit
that referenced
this issue
Apr 16, 2024
…5365) Only changes in md for this one Adding MAINTAINERS.md, and fixing a 404 in GOVERNANCE.md Fixing CODE_OF_CONDUCT per template : https://github.com/cncf/project-template/blob/main/CODE_OF_CONDUCT.md Working on : #5363 --------- Signed-off-by: Jonah Kowall <jkowall@kowall.net> Co-authored-by: Yuri Shkuro <yurishkuro@users.noreply.github.com>
Merged
yurishkuro
pushed a commit
that referenced
this issue
Apr 17, 2024
Fixed typo, thanks for the catch @yurishkuro re: #5363 Signed-off-by: Jonah Kowall <jkowall@kowall.net>
This was referenced Apr 17, 2024
yurishkuro
pushed a commit
that referenced
this issue
Apr 17, 2024
This attempts to solve the following issue with our security rating around token permissions on the scorecard : https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger  ## Which problem is this PR solving? Part of #5363 ## Description of the changes Moving write permissions into the jobs ## How was this change tested? It will be tested after the PR is submitted as the jobs do not fully run on my fork. ## Checklist - [x] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [x] I have signed all commits - [NA] I have added unit tests for the new functionality - [NA] I have run lint and test steps successfully Signed-off-by: Jonah Kowall <jkowall@kowall.net>
This was referenced Apr 17, 2024
Merged
Merged
yurishkuro
pushed a commit
that referenced
this issue
Apr 23, 2024
## Which problem is this PR solving? This adds the artifact hub badge for Jaeger, which will be official once the last PR is pushed from the helm chart repo. #5363 ## Description of the changes Add new image on README.md ## How was this change tested? Tested on Github branch ## Checklist - [X] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [X] I have signed all commits - [NA] I have added unit tests for the new functionality - [NA] I have run lint and test steps successfully - for `jaeger`: `make lint test` - for `jaeger-ui`: `yarn lint` and `yarn test` Signed-off-by: Jonah Kowall <jkowall@kowall.net>
2 tasks
|
Opened this issue to get official in Artifact Hub : artifacthub/hub#3787 |
varshith257
pushed a commit
to varshith257/jaeger
that referenced
this issue
May 3, 2024
…aegertracing#5365) Only changes in md for this one Adding MAINTAINERS.md, and fixing a 404 in GOVERNANCE.md Fixing CODE_OF_CONDUCT per template : https://github.com/cncf/project-template/blob/main/CODE_OF_CONDUCT.md Working on : jaegertracing#5363 --------- Signed-off-by: Jonah Kowall <jkowall@kowall.net> Co-authored-by: Yuri Shkuro <yurishkuro@users.noreply.github.com> Signed-off-by: Vamshi Maskuri <gwcchintu@gmail.com>
varshith257
pushed a commit
to varshith257/jaeger
that referenced
this issue
May 3, 2024
Fixed typo, thanks for the catch @yurishkuro re: jaegertracing#5363 Signed-off-by: Jonah Kowall <jkowall@kowall.net> Signed-off-by: Vamshi Maskuri <gwcchintu@gmail.com>
varshith257
pushed a commit
to varshith257/jaeger
that referenced
this issue
May 3, 2024
…5370) This attempts to solve the following issue with our security rating around token permissions on the scorecard : https://securityscorecards.dev/viewer/?uri=github.com/jaegertracing/jaeger  ## Which problem is this PR solving? Part of jaegertracing#5363 ## Description of the changes Moving write permissions into the jobs ## How was this change tested? It will be tested after the PR is submitted as the jobs do not fully run on my fork. ## Checklist - [x] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [x] I have signed all commits - [NA] I have added unit tests for the new functionality - [NA] I have run lint and test steps successfully Signed-off-by: Jonah Kowall <jkowall@kowall.net> Signed-off-by: Vamshi Maskuri <gwcchintu@gmail.com>
varshith257
pushed a commit
to varshith257/jaeger
that referenced
this issue
May 3, 2024
## Which problem is this PR solving? This adds the artifact hub badge for Jaeger, which will be official once the last PR is pushed from the helm chart repo. jaegertracing#5363 ## Description of the changes Add new image on README.md ## How was this change tested? Tested on Github branch ## Checklist - [X] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [X] I have signed all commits - [NA] I have added unit tests for the new functionality - [NA] I have run lint and test steps successfully - for `jaeger`: `make lint test` - for `jaeger-ui`: `yarn lint` and `yarn test` Signed-off-by: Jonah Kowall <jkowall@kowall.net> Signed-off-by: Vamshi Maskuri <gwcchintu@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
TAG Security has prepared Security Guidelines for new projects on contribute.cncf.io that are worth reviewing to refresh and refamiliarize your project’s configuration and settings. There are also a variety of templates available to assist projects in bootstrapping any governance structure or process they may currently be missing. As your project grows, we encourage projects to leverage the TAG Contributor Strategy’s contributor ladder framework to create structure, expectations, and clear roles and responsibilities for welcoming and inviting contributors to take on more leadership roles within a project. Migrating to this framework can support projects and proactively manage contributions without creating or embellishing a sense of urgency.
The text was updated successfully, but these errors were encountered: