Merge branch 'main' into anvega-community-readme

cncf · Aug 16, 2024 · aea1cb4 · aea1cb4
2 parents ad44b8e + a3c9fed
commit aea1cb4
Show file tree

Hide file tree

Showing 425 changed files with 3,449 additions and 1,555 deletions.
diff --git a/.github/ISSUE_TEMPLATE/blog-submission.md b/.github/ISSUE_TEMPLATE/blog-submission.md
@@ -0,0 +1,18 @@
+---
+name: Blog Submission
+about: Propose and author a blog article for publication on the tag-security.cncf.io website
+title: "[Blog] some descriptive title"
+labels: "blog, triage-required"
+assignees: ''
+
+---
+
+Description: What's your idea?
+
+Impact: What is the purpose of this blog post? 
+
+Sponsor: If applicable mention a related issue or the related working group this blog originates from.
+
+Additional info:
+- Reference to supporting material
+- Links to related site
diff --git a/.github/ISSUE_TEMPLATE/joint-review.md b/.github/ISSUE_TEMPLATE/joint-review.md
@@ -20,13 +20,13 @@ CNCF project stage and issue (NA if not applicable):
 Security Provider: yes/no (e.g. Is the primary function of the project to support the security of an integrating system?)
 
 - [ ] Identify team
-   - [ ] Project security lead
-   - [ ] Lead security reviewer
-   - [ ] 1 or more additional reviewer(s)
-   - [ ] Every reviewer has read [security reviewer guidelines](https://github.com/cncf/tag-security/blob/main/assessments/guide/security-reviewer.md) and stated declaration of conflict
-   - [ ] Sign off by facilitator on reviewer conflicts
+  - [ ] Project security lead
+  - [ ] Lead security reviewer
+  - [ ] 1 or more additional reviewer(s)
+  - [ ] Every reviewer has read [security reviewer guidelines](/community/assessments/guide/joint-assessment.md) and stated declaration of conflict
+  - [ ] Sign off by facilitator on reviewer conflicts
 - [ ] Create slack channel (e.g. #sec-assess-projectname)
-- [ ] Project lead provides draft document - see [outline](https://github.com/cncf/tag-security/blob/main/assessments/guide/joint-review.md)
+- [ ] Project lead provides draft document - see [outline](/community/assessments/guide/joint-assessment.md)
 - [ ] "Naive question phase" Lead Security Reviewer asks clarifying questions
 - [ ] Assign issue to security reviewers
 - [ ] Initial review

diff --git a/.github/ISSUE_TEMPLATE/presentation.md b/.github/ISSUE_TEMPLATE/presentation.md
@@ -20,3 +20,4 @@ TO DO
 - [ ] TAG Representative
 - [ ] Schedule date
 - [ ] By opening this issue, I, (Insert Github Handle/Name) acknowledge that the presentation topic and speaker will follow the [presentation guidelines](../CONTRIBUTING.md#present-to-the-tag)
+- [ ] If this is a presentation for a project moving levels, the TAG Representative should complete the [Moving Levels Recommendation](../project-resources/moving-levels-review-template.md)
diff --git a/.github/workflows/sig-sec-check.yml b/.github/workflows/sig-sec-check.yml
@@ -11,27 +11,27 @@ jobs:
   Setup:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Setup
         run: make setup
   Lint:
     runs-on: ubuntu-latest
     needs: Setup
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Lint
         run: make lint
   Spelling:
     runs-on: ubuntu-latest
     needs: Setup
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Spelling
         run: make spelling
   Links:
     runs-on: ubuntu-latest
     needs: Setup
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Links
         run: make links
diff --git a/CODE-OF-CONDUCT.md b/CODE-OF-CONDUCT.md
@@ -120,5 +120,5 @@ The above guidelines are inspired by and borrowed from other communities:
 
 [cncf-coc]: https://github.com/cncf/foundation/blob/master/code-of-conduct.md  
 [charter]: https://github.com/cncf/tag-security/blob/main/governance/charter.md
-[review-outcome]: https://github.com/cncf/tag-security/tree/main/assessments#outcome
+[review-outcome]: /community/assessments#outcome
 [cncf-toc]: https://www.cncf.io/people/technical-oversight-committee/
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -197,7 +197,7 @@ Here are some additional sources for good content guidelines:
 [CODE-OF-CONDUCT.md]: CODE-OF-CONDUCT.md
 [help is needed]: https://github.com/cncf/tag-security/labels/help%20wanted
 [communication channels]: README.md#Communications
-[security reviews]: ./assessments/README.md
+[security reviews]: /community/assessments/README.md
 [CNCF Slack guidelines]: https://github.com/cncf/foundation/blob/main/slack-guidelines.md
 [code of conduct]: ./CODE-OF-CONDUCT.md
 [CNCF Style Guide]: https://github.com/cncf/foundation/blob/main/style-guide.md

diff --git a/LICENSE-code b/LICENSE-code