@lsm5
Member

@lsm5 lsm5 commented Oct 29, 2025

This is being added here only for review. This doc will live in https://github.com/cncf/tag-security and probably be removed from here.

What type of PR is this?

/kind other

What this PR does / why we need it:

Review submission for cncf/tag-security.

How to verify it

Just a doc. Review if it's good for CNCF submission.

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

None

Does this PR introduce a user-facing change?

None

Reference: https://github.com/cncf/tag-security/blob/main/community/assessments/guide/self-assessment.md

@openshift-ci
Contributor

openshift-ci bot commented Oct 29, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lsm5

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@lsm5 lsm5 force-pushed the cncf-self-assessment branch from 342e829 to 6132ab7 Compare October 29, 2025 18:32
@lsm5 lsm5 force-pushed the cncf-self-assessment branch from 1e308d4 to 28fa215 Compare October 30, 2025 14:20
@packit-as-a-service

Ephemeral COPR build failed. @containers/packit-build please check.

@lsm5 lsm5 force-pushed the cncf-self-assessment branch from 28fa215 to 588efae Compare October 30, 2025 19:22
@lsm5 lsm5 changed the title [WIP] cncf: self-assessment doc cncf: self-assessment doc Oct 30, 2025
@lsm5 lsm5 marked this pull request as ready for review October 30, 2025 19:31
@lsm5
Member Author

lsm5 commented Nov 3, 2025

@containers/buildah-maintainers PTAL

@TomSweeneyRedHat
Member

LGTM
Some unhappy tests which I suspect are flakes. I'll give them a kick.

@lsm5
Member Author

lsm5 commented Nov 5, 2025

@nalind @flouthoc PTAL as well. I'll most likely combine the common parts (review / security process) etc with the podman doc which is now at https://github.com/cncf/toc/blob/main/projects/podman-containers/security-assessment/self-assessment.md


* **Flexible build process**: Provide fine-grained control over the image building process.

* **Integration**: Work seamlessly with other container tools in the ecosystem.
Collaborator

Do we need this point? Buildah generates OCI images which can be used by other tools once pushed to a registry; otherwise only podman can read these images locally.

Member Author

I'll remove it.


* **Buildah CLI**: The main command-line interface that users interact with for building container images.

* **Build context**: The filesystem context containing source code and build instructions.
Collaborator

This point is not very clear to me. I wonder if build context should be part of actors or not. @nalind WDYT

Member Author

I can remove that too.

Collaborator

@flouthoc flouthoc left a comment

LGTM, some comments

This is being added here only for review. This doc will live in
https://github.com/cncf/tag-security and *probably* be removed from
here.

Co-authored-by: flouthoc <[email protected]>
Co-authored-by: Tom Sweeney <[email protected]>
Signed-off-by: Lokesh Mandvekar <[email protected]>
@lsm5 lsm5 force-pushed the cncf-self-assessment branch from 08d8f4b to ebdfee5 Compare November 5, 2025 19:28