docs(cleanup): rename SIG to TAG

.github/ISSUE_TEMPLATE/joint-review.md

@@ -7,11 +7,11 @@ assignees: ''
 
 ---
 
-Project Name: 
+Project Name:
 
 Github URL:
 
-<!-- For project proposals looking to go through SIG review, please indicate the stage of the project (sandbox, incubation/graduation and link to the TOC issue, else indicate NA
+<!-- For project proposals looking to go through TAG review, please indicate the stage of the project (sandbox, incubation/graduation and link to the TOC issue, else indicate NA
 
 For example, https://github.com/cncf/toc/issues/368 (incubation)
 -->
@@ -27,7 +27,7 @@ Security Provider: yes/no (e.g. Is the primary function of the project to suppor
    - [ ] Sign off by 2 chairs on reviewer conflicts
 - [ ] Create slack channel (e.g. #sec-assess-projectname)
 - [ ] Project lead provides draft document - see [outline](https://github.com/cncf/tag-security/blob/main/assessments/guide/joint-review.md)
-- [ ] "Naive question phase" Lead Security Reviewer asks clarifying questions 
+- [ ] "Naive question phase" Lead Security Reviewer asks clarifying questions
 - [ ] Assign issue to security reviewers
 - [ ] Initial review
 - [ ] Presentation & discussion

.github/ISSUE_TEMPLATE/presentation.md

@@ -1,6 +1,6 @@
 ---
 name: Presentation
-about: Have something you want to share with the group? Or someone you would like to invite to speak? Propose a presentation for the SIG-Security weekly meetings.
+about: Have something you want to share with the group? Or someone you would like to invite to speak? Propose a presentation for the TAG-Security weekly meetings.
 title: "[Presentation] Presentation Title"
 labels: "usecase-presentation, triage-required"
 assignees: ''
@@ -14,7 +14,7 @@ Description: Describe in a short paragraph what the presentation is about.
 
 Time: How long will the presentation take? (estimate)
 
-Availability: What is the availability times of the speakers to present the topic? Meeting times are listed on the landing page. 
+Availability: What is the availability times of the speakers to present the topic? Meeting times are listed on the landing page.
 
 TO DO
 - [ ] TAG Representative

.github/ISSUE_TEMPLATE/proposal.md

@@ -7,13 +7,13 @@ assignees: ''
 
 ---
 
-Description: what's your idea? 
+Description: what's your idea?
 
 Impact: Describe the customer impact of the problem. Who will this help?  How will it help them?
 
-Scope: How much effort will this take? ok to provide a range of options if or "not yet determined" for initial proposals.  Feel free to include proposed tasks below or link a Google doc 
+Scope: How much effort will this take? ok to provide a range of options if or "not yet determined" for initial proposals.  Feel free to include proposed tasks below or link a Google doc
 
 TO DO
-- [ ] SIG Representative
+- [ ] TAG Representative
 - [ ] Project leader(s)
 - [ ] TBD

.github/workflows/sig-sec-check.yml

@@ -1,5 +1,5 @@
 ---
-name: SIG-Security-Linter
+name: TAG-Security-Linter
 
 # Run this workflow on every PR to master
 on:

CONTRIBUTING.md

@@ -35,9 +35,9 @@ review/comment.
 
 A favorable review is determined by the contents of the PR complying with the
 contributing guide, the writing style, and agreement the contents align with the
-SIG's goals, objectives, and scope.  It is anticipated that PRs submitted, with
+TAG's goals, objectives, and scope.  It is anticipated that PRs submitted, with
 the exception of spelling and grammar changes, have been discussed with members
-of the SIG via slack or issues.
+of the TAG via slack or issues.
 
 ##### Nits
 
@@ -99,7 +99,7 @@ merging party.
 
 ### Merging pull requiests
 
-PRs may be merged after at least one review as occurred, dependent on the type of changes reflected in the PR.  The merging party needs to verify a review has occurred, the PR is in alignment with this guide, and is in scope of the SIG.
+PRs may be merged after at least one review as occurred, dependent on the type of changes reflected in the PR.  The merging party needs to verify a review has occurred, the PR is in alignment with this guide, and is in scope of the TAG.
 
 ### Writing style
 

README.md

@@ -13,8 +13,8 @@
 
 ## Objective
 
-STAG facilitates collaboration to discover and produce resources that enable 
-secure access, policy control, and safety for operators, administrators, 
+STAG facilitates collaboration to discover and produce resources that enable
+secure access, policy control, and safety for operators, administrators,
 developers, and end-users across the cloud native ecosystem.
 
 
@@ -46,14 +46,14 @@ security of the system, such as auditing and explainability features.
 
 # Governance
 
-[STAG charter](governance/charter.md) outlines the scope  of our group activities, 
+[STAG charter](governance/charter.md) outlines the scope  of our group activities,
 as part of our [governance process](governance) which details how we work.
 
 ## Communications
 
-Anyone is welcome to join our open discussions of STAG projects and share news 
-related to the group's mission and charter. Much of the work of the group happens 
-outside of Security TAG meetings and we encourage project teams to share progress 
+Anyone is welcome to join our open discussions of STAG projects and share news
+related to the group's mission and charter. Much of the work of the group happens
+outside of Security TAG meetings and we encourage project teams to share progress
 updates or post questions in these channels:
 
 Group communication:
@@ -101,8 +101,8 @@ Meeting ID: 737 567 7271
 
 ## Gatherings
 
-Please let us know if you are going and if you are interested in attending (or 
-helping to organize!) a gathering. Create a [github issue](https://github.com/cncf/tag-security/issues/new) for an event 
+Please let us know if you are going and if you are interested in attending (or
+helping to organize!) a gathering. Create a [github issue](https://github.com/cncf/tag-security/issues/new) for an event
 and add to list below:
 
 
@@ -117,13 +117,13 @@ If you are new to the group, check out our [New Members Page](NEWMEMBERS.md) and
 ## Related groups
 
 * [Kubernetes Policy Working Group](https://github.com/kubernetes/community/tree/master/wg-policy)
-* [Kubernetes SIG-Auth](https://github.com/kubernetes/community/tree/master/sig-auth)
+* [Kubernetes TAG-Auth](https://github.com/kubernetes/community/tree/master/tag-auth)
 * [NIST Big Data WG](https://bigdatawg.nist.gov/)
 
 ## History
 
-* SIG-Security - renamed STAG ([TOC Issue #549](https://github.com/cncf/toc/issues/549))
-* SAFE WG - renamed to CNCF Security SIG
+* TAG-Security - renamed STAG ([TOC Issue #549](https://github.com/cncf/toc/issues/549))
+* SAFE WG - renamed to CNCF Security TAG
 * [(Proposed) CNCF Policy Working Group](/policy-wg-merging.md) - Merged into SAFE WG
 
 ## Members
@@ -230,7 +230,7 @@ Membership governance can be viewed [here](https://github.com/cncf/tag-security/
 * Ricardo Aravena ([@raravena80](https://github.com/raravena80)), Rakuten
 * Lakshmi Manohar Velicheti ([@manohar9999](https://github.com/manohar9999)), Shape Security
 * Andres Vega ([@anvega](https://github.com/anvega)), Scytale.io
-* Cameron Seader ([@cseader](https://github.com/cseader)), SUSE 
+* Cameron Seader ([@cseader](https://github.com/cseader)), SUSE
 * Robert Ficcaglia ([@rficcaglia](https://github.com/rficcaglia)), Policy WG
 * Matthew Giassa ([@iaxes](https://github.com/IAXES))
 * Tabitha Sable ([@tabbysable](https://github.com/tabbysable))

assessments/README.md

@@ -55,7 +55,7 @@ subsume the need for a professional security audit of the code*.  Audits of
 implementation-specific vulnerabilities, improper deployment configurations, etc.
 are not in scope of a security review.  A security review is intended to
 uncover design flaws, enhance the security mindset of the project, and to obtain
-a clear, comprehensive articulation of the project's design goals and 
+a clear, comprehensive articulation of the project's design goals and
 aspirations while documenting the intended security properties enforced,
 fulfilled, or executed by said project.
 
@@ -76,7 +76,7 @@ Security reviews have many benefits, creating:
 A complete security review package primarily consists of the following
 items:
 * [Self-assessment](guide/self-assessment.md).  A written assessment by the project
-of the project's current security statue. 
+of the project's current security statue.
 * [Joint-review](guide/joint-review.md). A joint review by both the [security
 reviewers](guide/security-reviewer.md) and the project team that includes parts
 of the self-assessment and expands to include a more comprehensive consideration
@@ -98,29 +98,29 @@ security of the project, not a security audit of the project, and do not relieve
 an individual or organization from performing their own due diligence and
 complying with laws, regulations, and policies.
 
-Draft assessments contain *unconfirmed* content and are not endorsed as factual 
-until committed to this repository, which requires detailed peer review.  Draft 
-reviews may also contain *speculative* content as the project lead or security 
-reviewer is performing a review.  Draft reviews are *only* for the purpose 
-of preparing final artifact and are **not** to be used in any other capacity by 
+Draft assessments contain *unconfirmed* content and are not endorsed as factual
+until committed to this repository, which requires detailed peer review.  Draft
+reviews may also contain *speculative* content as the project lead or security
+reviewer is performing a review.  Draft reviews are *only* for the purpose
+of preparing final artifact and are **not** to be used in any other capacity by
 the community.
 
-Final slides resulting from the presentation and the project's joint review 
-will be stored in the individual project's review folder with supporting 
+Final slides resulting from the presentation and the project's joint review
+will be stored in the individual project's review folder with supporting
 documentation and artifacts from the review.  These folders can be found under
  [assessments/projects](projects/) and clicking on the project name.
 
 ## Process
 
-Creating the security review package is a collaborative process for the 
-benefit of the project and the community, where the primary content is generated 
-by the [project lead](guide/project-lead.md) and revised based on feedback from [security reviewers](guide/security-reviewer.md) 
-and other members of the SIG.
+Creating the security review package is a collaborative process for the
+benefit of the project and the community, where the primary content is generated
+by the [project lead](guide/project-lead.md) and revised based on feedback from [security reviewers](guide/security-reviewer.md)
+and other members of the TAG.
 
 * If you are interested in a security review for your project and you are
   willing to volunteer as [project lead](guide/project-lead.md) or you are a
-  SIG-Security member and want to recommend a project to review, please [file an
-  issue](https://github.com/cncf/sig-security/issues/new?template=joint-review.md)
+  TAG-Security member and want to recommend a project to review, please [file an
+  issue](https://github.com/cncf/tag-security/issues/new?template=joint-review.md)
 
 See [security review guide](guide) for more details.  To understand how we
 prioritize reviews, see [intake process](./intake-process.md).

assessments/guide/README.md

@@ -46,9 +46,9 @@ The self-assessment provides projects with the opportunity to examine the
 existing security provisions of the project.  It can serve as their initial
 security documentation for users.
 
-#### Create a [presentation issue](https://github.com/cncf/sig-security/issues/new?assignees=&labels=usecase-presentation&template=presentation.md&title=%5BPresentation%5D+Presentation+Title)
+#### Create a [presentation issue](https://github.com/cncf/tag-security/issues/new?assignees=&labels=usecase-presentation&template=presentation.md&title=%5BPresentation%5D+Presentation+Title)
 
-This presentation should go over the self-assessment and provide SIG-Security
+This presentation should go over the self-assessment and provide TAG-Security
 with an initial understanding of the project.  It is recommended the **project
 lead** submit the issue as the primary point of contact (POC).
 
@@ -62,8 +62,8 @@ updated self-assessment based on feedback and discussion.
 
 #### Submit a PR to include the self-assessment in the repo
 
-After the presentation, the **project lead** or their designee should submit a PR, 
-citing the presentation issue number to add the self-assessment to [assessments/projects](https://github.com/cncf/tag-security/tree/main/assessments/projects) under its 
+After the presentation, the **project lead** or their designee should submit a PR,
+citing the presentation issue number to add the self-assessment to [assessments/projects](https://github.com/cncf/tag-security/tree/main/assessments/projects) under its
 own folder.  The ticket may then be closed after merged in.
 
 ### Growing projects
@@ -77,10 +77,10 @@ to start with the self-assessment before pursing joint review.
 #### [Create tracking issue](https://github.com/cncf/tag-security/issues/new?assignees=&labels=assessment&template=security-assessment.md&title=%5BAssessment%5D+Project+Name)
 
 The tracking issue serves to initiate the joint-reviews.  It provides
- an initial set of information to assist SIG-Security in  prioritizing the
+ an initial set of information to assist TAG-Security in  prioritizing the
 joint review as well as provide potential reviewers with a central
 location to manage the effort.
-   * Issue may be a request from **TOC liason** or **project** itself 
+   * Issue may be a request from **TOC liason** or **project** itself
    * [**Security review facilitator**](https://github.com/cncf/tag-security/blob/main/governance/roles.md#facilitation-roles) with help from the **technical leads**
  and **co-chairs** if appropriate, will determine if the project is ready for
  joint-review.  If ready, a channel will be created to coordinate the
@@ -93,18 +93,18 @@ joint review.  The joint review expands upon content of the
 self-assessment and provides the **reviewers** with a central starting point in
 reviewing the current security stature of the project.
 
-#### Project provides the joint review and reviewers are assigned 
+#### Project provides the joint review and reviewers are assigned
 
 The project provides the reviewers with security relevant information about their
  project.  The joint review can include links to external documents and sources
- within the project's repository or website to provide additional details or 
+ within the project's repository or website to provide additional details or
 reference where a process is kept.
    * **[Project lead](project-lead.md)** responds to the issue with draft
      document (see [joint review](joint-review.md))
    * Issue assigned to **lead [security reviewer](security-reviewer.md)** who
      will recruit at least one additional reviewer, if one is not already
 assigned, and facilitate the process.
- 
+
 #### Conflict of interest statement and review
 
 In order to remediate unfair advantage or ethical issues all reviewers are
@@ -148,7 +148,7 @@ prior to the *3 week* timeframe for reviews.
       * Ask for clarifications
       * Ensure terms are defined
       * Ensure concepts introduced are explained with context
-      * Provide quick feedback 
+      * Provide quick feedback
 
 #### Security review with optional hands-on review
 
@@ -167,20 +167,20 @@ review, the hands-on review is included in this step.
         with the project's repo and docs if available
    * **Security reviewers and project lead/pocs** ensure all reviewer
      questions, comments, and feedback are addressed and finalize the joint review
-   * **Lead security reviewer or their designee,** with the assistance of the 
-**security reviewers** create a [draft summary document](joint-readme-template.md) to capture existing 
+   * **Lead security reviewer or their designee,** with the assistance of the
+**security reviewers** create a [draft summary document](joint-readme-template.md) to capture existing
 comments, feedback, and recommendations prior to the presentation.
 
 #### Presentation
 
-The presentation is designed to inform members of SIG Security of the project,
+The presentation is designed to inform members of TAG Security of the project,
 its intent, what it accomplishes, and provides the opportunity for additional
 questions and feedback to the reviewers and project.
-   * Project lead presents to SIG during SIG meeting
-   * Presentation is recorded as part of standard SIG process
+   * Project lead presents to TAG during TAG meeting
+   * Presentation is recorded as part of standard TAG process
    * Presentation slides are linked in the /assessments/projects/project-name/
 
-#### Final summary 
+#### Final summary
 
 The final summary provides a cursory review of the project, background,
 summary of the joint review, and recommendations to the CNCF, the project,
@@ -196,7 +196,7 @@ of the review.
    * **Project lead** prepares a PR to /assessments/projects/project-name/
      when all comments, feedback, and recommendations are incorporated for the
 joint review and presentation slides.
-   * PR approval of at least 1 **co-chair**, alongside other **reviewers'** 
+   * PR approval of at least 1 **co-chair**, alongside other **reviewers'**
 approvals, is required before merging any artifacts.
 
 #### [Post-review survey](review-survey.md)
@@ -217,4 +217,4 @@ reviewers:
   feedback from security reviewers
 * Project lead or lead security reviewer may pause the process where a delay of
   over a week cannot be accommodated by the review team. Simply close the github
-issue with a note to SIG co-chairs.
+issue with a note to TAG co-chairs.