[TSSA] OpenFGA #1236
Comments
Sorry, I missed this. There is a security review template such as the one used here: #1079. Can you fill out an issue with this template? You can @ me or assign it to me and I'll get the rest going.
Issue updated. @JustinCappos
I'll assist with this as needed
Okay, please read the security reviewer guidelines and indicate if you have any conflicts.
@JustinCappos thanks — no soft or hard conflicts of interest
@mnm678 @ragashreeshekar @PushkarJ @sublimino @anvega Can you all please try to drum up volunteers in the weekly meetings? I'll do this as well, but will have some conflicts for the foreseeable future. We need 2-3 more, including someone to volunteer as lead!
Happy to be an additional reviewer. No soft or hard conflicts of interest.
I would like to participate as an observer. This would be my first engagement with a security assessment of an open source project. Please let me know how I can help. Thank you.
@wibarre, okay great! Please read the security reviewer guidelines and indicate if you have any conflicts.
@JustinCappos I do not have soft or hard conflicts of interest.
@JustinCappos, would like to jump in as a reviewer, no hard or soft conflicts of interest. I don't see a slack channel yet, will watch out for it. :-)
@eddie-knight Can I promote you to the lead? We need an assessment lead and I'm working on another assessment now. (I can provide guidance as is needed.)
Thanks, I updated the issue. The lead will create one for the assessment.
or maybe @ashutosh-narkar would be more appropriate since @eddie-knight hasn't done a joint assessment before. Can you take this one as lead, @ashutosh-narkar?
Hey Justin, it would be best if I'm a reviewer for this one. Thanks.
@JustinCappos @ashutosh-narkar I can volunteer as lead - since I have coincidentally been reviewing OpenFGA and have led before (admittedly some time back so will need a nudge now and then on the new processes/formatting) or maybe better to co-lead with @eddie-knight to facilitate more leads :) AND have (re)reviewed the reviewer guidelines and specifically lead and have no conflicts
@sunstonesecure-robert Okay, great! I think you're all set up! (I did the chairs signoff for conflicts, because it is my understanding the assessment facilitator may do so.)
@sunstonesecure-robert You can pull me in on every step! Thanks for volunteering!
will do! as such I think we are at this step and so since I see the draft document above in the checklist - I will review w/ @eddie-knight @ashutosh-narkar @krishnakv and @wibarre from the process doc if @JustinCappos or whomever has the perms can:
I created a slack channel (or I think I did): #sec-assess-openfga
Okay, I updated this. @sunstonesecure-robert I think you should be able to edit the message at the top to add things like the slack channel name, etc. If not, let me know.
I cannot. Even after a refresh (though I can edit my own comments)
Okay, please ask me to check the box, etc. as needed later. I would imagine that @ashutosh-narkar and (soon) @eddie-knight may also have the rights to do so.
status update - kickoff call held 5/10/2024
Do we have a recording of the call?
The team is now ready for a joint assessment.
Project Name: OpenFGA
Github URL: https://github.com/openfga/openfga/blob/main/docs/security-self-assessment.md
CNCF project stage: cncf/toc#1276 (incubation)
Security Provider: yes (e.g. Is the primary function of the project to support the security of an integrating system?)