From fbf9dc6fe85d904d259a69e11ffd883371f091ec Mon Sep 17 00:00:00 2001
From: Andres Vega
Date: Wed, 19 Jun 2024 21:06:42 -0700
Subject: [PATCH 01/14] Created new directories, moved directories, merged readme
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Created directories: community/working-groups, community/events, community/resources.
- Moved `audio-versions` to `community/publications/`.
- Moved `supply-chain-security`, `compliance`, `policy` to `community/working-groups`.
- Moved `design`, `security-lexicon`, `security-whitepaper`, `landscape`, `security-fuzzing-handbook` to `community/resources/`.
- Moved `cloud_native_security.md` and `past-events.md` to `community/events/`.
- Deleted unused files: `policy-wg-merging.md`, `roadmap.md`, `safe_kubecon.md`,
- Merged readmes for working groups and old folders

Signed-off-by: Andrés Vega
Signed-off-by: Andrés Vega
Signed-off-by: Andrés Vega --- .../catalog}/compromises/1975/login-bell.md | 0 .../catalog}/compromises/2003/debian.md | 0 .../catalog}/compromises/2003/gentoo-rsync.md | 0 .../compromises/2003/kernel-repository.md | 0 .../catalog}/compromises/2007/squirrelmail.md | 0 .../catalog}/compromises/2007/wordpress.md | 0 .../catalog}/compromises/2008/fedora.md | 0 .../catalog}/compromises/2010/apache.md | 0 .../catalog}/compromises/2010/aurora.md | 0 .../catalog}/compromises/2010/fsf-website.md | 0 .../catalog}/compromises/2010/proftpd.md | 0 .../catalog}/compromises/2011/kernelorg.md | 0 .../compromises/2012/ruby-on-rails-github.md | 0 .../catalog}/compromises/2013/apt.md | 0 .../catalog}/compromises/2014/code-spaces.md | 0 .../catalog}/compromises/2014/monju.md | 0 .../compromises/2015/ceph-and-inktank.md | 0 .../catalog}/compromises/2015/juniper.md | 0 .../catalog}/compromises/2015/xcodeghost.md | 0 .../catalog}/compromises/2016/fosshub.md | 0 .../catalog}/compromises/2016/gh-unicode.md | 0 .../catalog}/compromises/2016/keydnap.md | 0 .../catalog}/compromises/2016/mint.md | 0 .../catalog}/compromises/2017/bitcoingold.md | 0 .../catalog}/compromises/2017/ccleaner.md | 0 .../catalog}/compromises/2017/elmedia.md | 0 .../compromises/2017/expensivewall.md | 0 .../catalog}/compromises/2017/hacktask.md | 0 .../catalog}/compromises/2017/handbrake.md | 0 .../catalog}/compromises/2017/kingslayer.md | 0 .../catalog}/compromises/2017/notpetya.md | 0 .../catalog}/compromises/2018/aur.md | 0 .../catalog}/compromises/2018/colourama.md | 0 .../catalog}/compromises/2018/dofoil.md | 0 .../catalog}/compromises/2018/event_stream.md | 0 .../catalog}/compromises/2018/gentoo.md | 0 .../catalog}/compromises/2018/gogetu.md | 0 .../compromises/2018/operation-red.md | 0 .../compromises/2018/unnamed-maker.md | 0 .../compromises/2019/canonical-github.md | 0 .../2019/electron-native-notify.md | 0 .../catalog}/compromises/2019/monero.md | 0 .../catalog}/compromises/2019/pear.md | 0 
.../compromises/2019/purescript-npm.md | 0 .../catalog}/compromises/2019/pypi.md | 0 .../catalog}/compromises/2019/ros.md | 0 .../catalog}/compromises/2019/shadowhammer.md | 0 .../compromises/2019/webmin-backdoor.md | 0 .../catalog}/compromises/2020/nodejs.md | 0 .../compromises/2020/octopus_scanner.md | 0 .../catalog}/compromises/2020/solarwinds.md | 0 .../catalog}/compromises/2020/sonarqube.md | 0 .../compromises/2020/thegreatsuspender.md | 0 .../compromises/2020/trojanized-fdm.md | 0 .../catalog}/compromises/2021/coa-rc.md | 0 .../catalog}/compromises/2021/codecov.md | 0 .../catalog}/compromises/2021/homebrew.md | 0 .../compromises/2021/klow-klown-okhsa.md | 0 .../catalog}/compromises/2021/log4j.md | 0 .../catalog}/compromises/2021/php.md | 0 .../catalog}/compromises/2021/repojacking.md | 0 .../catalog}/compromises/2021/travis-ci.md | 0 .../catalog}/compromises/2021/ua-parser-js.md | 0 .../catalog}/compromises/2021/vscode.md | 0 .../2022/Comm100-live-chat-trojan.md | 0 .../2022/auth0-source-code-leak.md | 0 .../compromises/2022/ctx-and-phpass.md | 0 .../2022/docker-hub-malicious-containers.md | 0 .../2022/dropbox-github-account-breach.md | 0 .../catalog}/compromises/2022/fantasy.md | 0 .../2022/golang-buildpacks-compiler.md | 0 .../2022/intel-alder-lake-BIOS-leak.md | 0 .../compromises/2022/js-faker-colors.md | 0 .../compromises/2022/node-ipc-peacenotwar.md | 0 .../compromises/2022/okta-github-repo-leak.md | 0 .../compromises/2022/php-pear-compromise.md | 0 .../2022/pypi-malicious-packages.md | 0 .../compromises/2022/ruby-override.md | 0 .../catalog}/compromises/2022/wp-apthemes.md | 0 .../compromises/2023/fake-dependabot.md | 0 .../catalog}/compromises/2023/mathjs-min.md | 0 .../2023/packagist-maintainer-takeover.md | 0 .../compromises/2023/retool-portal-mfa.md | 0 .../compromises/2023/xmlsec-manageengine.md | 0 .../catalog}/compromises/2024/gitgot.md | 0 .../catalog}/compromises/2024/laixi-3proxy.md | 0 .../2024/targeted-signed-endoor.md | 0 
.../catalog}/compromises/2024/xz.md | 0 .../catalog}/compromises/README.md | 0 .../compromises/compromise-definitions.md | 0 .../events/cloud_native_security.md | 0 .../events/past-events.md | 0 .../publications}/README.md | 0 .../publications/audio-versions}/README.md | 0 .../publications}/authoring-guidelines.md | 0 .../publications}/paper-process.md | 0 .../publications}/publishing-protocols.md | 0 .../resources/design}/README.md | 0 .../resources/design}/colors/#141419.png | Bin .../resources/design}/colors/#152356.png | Bin .../resources/design}/colors/#389BB2.png | Bin .../resources/design}/colors/#474756.png | Bin .../resources/design}/colors/#4A6CA4.png | Bin .../resources/design}/colors/#6F6F7F.png | Bin .../resources/design}/colors/#85C2D2.png | Bin .../resources/design}/colors/#D81637.png | Bin .../resources/design}/colors/#F7C906.png | Bin .../resources/design}/colors/#F98903.png | Bin ...cloud-native-security-horizontal-color.png | Bin ...cloud-native-security-horizontal-color.svg | 0 ...ative-security-horizontal-darkmodesafe.png | Bin ...ative-security-horizontal-darkmodesafe.svg | 0 ...tive-security-horizontal-white-display.png | Bin ...cloud-native-security-horizontal-white.png | Bin ...cloud-native-security-horizontal-white.svg | 0 .../logo/cloud-native-security-icon-color.png | Bin .../logo/cloud-native-security-icon-color.svg | 0 ...oud-native-security-icon-white-display.png | Bin .../logo/cloud-native-security-icon-white.png | Bin .../logo/cloud-native-security-icon-white.svg | 0 .../cloud-native-security-stacked-color.png | Bin .../cloud-native-security-stacked-color.svg | 0 ...-native-security-stacked-white-display.png | Bin .../cloud-native-security-stacked-white.png | Bin .../cloud-native-security-stacked-white.svg | 0 .../resources/landscape}/README.md | 0 .../resources/landscape}/approach.md | 0 .../resources/landscape}/categories.md | 0 .../resources/project-resources}/README.md | 0 .../templates/ISSUE_TEMPLATE.md | 0 
.../project-resources}/templates/SECURITY.md | 0 .../templates/SECURITY_CONTACTS.md | 0 .../templates/embargo-policy.md | 0 .../project-resources}/templates/embargo.md | 0 .../templates/incident-response.md | 0 .../provenance-implementation}/README.md | 0 .../argo/argo-cd.md | 0 .../security-fuzzing-handbook}/README.md | 0 .../security-fuzzing-handbook}/build.sh | 0 .../fuzzing-handbook.md | 0 .../handbook-fuzzing.pdf | Bin .../imgs/Code-coverage-of-example-project.png | Bin .../imgs/Coverage-guided-fuzzing-overview.png | Bin .../Function-level-fuzzing-introspection.png | Bin .../imgs/Fuzzing-code-coverage-report.png | Bin .../imgs/Fuzzing-key-components.png | Bin ...storical-progession-of-example-project.png | Bin .../imgs/LibFuzzer-engine-overview.png | Bin .../Minimized-testcase-provided-per-issue.png | Bin ...norail-issues-are-closed-automatically.png | Bin ...-GitHub-bot-automatically-closes-issus.png | Bin ...OSS-Fuzz-GitHub-bot-reporting-an-issue.png | Bin .../imgs/OSS-Fuzz-detailed-stack-trace.png | Bin .../imgs/OSS-Fuzz-issue-overview.png | Bin ...pen-source-fuzz-introspection-overview.png | Bin .../imgs/Source-level-code-coverage.png | Bin .../imgs/cncf-logo-footer.png | Bin .../imgs/cncf-stacked-color.png | Bin .../imgs/envoy-introspector-profile.png | Bin .../imgs/vitess-fuzzing-landscape.png | Bin .../resources/security-lexicon}/README.md | 0 .../cloud-native-security-lexicon.md | 0 .../resources/security-whitepaper}/README.md | 0 .../security-whitepaper}/cnsmap/README.md | 0 .../secure-defaults-cloud-native-8.md | 0 ...oud-native-security-whitepaper-Nov2020.pdf | Bin ...security-whitepaper-brazilian-portugese.md | 0 ...-security-whitepaper-simplified-chinese.md | 0 ...loud-native-security-whitepaper-spanish.md | 0 .../v1/cloud-native-security-whitepaper.md | 0 .../RackMultipart20201111_figure1.png | Bin .../RackMultipart20201111_figure2.png | Bin .../RackMultipart20201111_figure3.png | Bin .../RackMultipart20201111_figure4.png | Bin 
.../RackMultipart20201111_figure5.png | Bin .../v1/secure-software-factory.md | 0 ...-native-security-whitepaper-May2022-v2.pdf | Bin ...ive-security-whitepaper-cn-Sept2023-v2.pdf | Bin ...tive-security-whitepaper-it-May2023-v2.pdf | Bin .../v2/cloud-native-security-whitepaper-it.md | 0 .../v2/cloud-native-security-whitepaper-ja.md | 0 ...-security-whitepaper-simplified-chinese.md | 0 .../v2/cloud-native-security-whitepaper.md | 0 .../v2/cnswp-images/cnswp-v2-figure1.png | Bin ...wp-v2-security-structural-model-deploy.png | Bin ...p-v2-security-structural-model-develop.png | Bin ...2-security-structural-model-distribute.png | Bin ...p-v2-security-structural-model-runtime.png | Bin .../resources/usecase-personas}/README.md | 0 .../references/admin-bill-of-rights.md | 0 community/supply-chain-security/README.md | 14 --- .../PolicyFormalVerificationDiagram.png | Bin .../policy}/overview-formal-verification.png | Bin ...view-policy-build-time-dependency-vulns.md | 0 .../overview-policy-formal-verification.md | 0 .../automated-governance/README.md | 0 .../{ => working-groups}/compliance/README.md | 0 .../{ => working-groups}/controls/README.md | 0 .../controls}/phase-one-announcement.md | 0 .../{ => working-groups}/research/README.md | 0 .../supply-chain-security/README.md | 41 ++++++++ .../Secure_Software_Factory_Whitepaper.pdf | Bin .../secure-software-factory/images/image1.png | Bin .../secure-software-factory/images/image2.png | Bin .../secure-software-factory/images/image3.png | Bin .../secure-software-factory/images/image4.png | Bin .../secure-software-factory/images/image5.png | Bin .../secure-software-factory/images/image6.png | Bin .../secure-software-factory/images/image7.png | Bin .../secure-software-factory.md | 0 .../CNCF_SSCP_v1.pdf | Bin .../supply-chain-security-paper/README.md | 0 .../supply-chain-security-paper/fig1.png | Bin .../supply-chain-security-paper/fig2.png | Bin .../supply-chain-security-paper/fig3.png | Bin 
.../supply-chain-security-paper/fig4.png | Bin .../supply-chain-security-paper/fig5.png | Bin .../supply-chain-security-paper/fig6.png | Bin .../supply-chain-security-paper/fig7.png | Bin .../supply-chain-security-paper/fig8.png | Bin .../supply-chain-security-paper/fig9.png | Bin .../secure-supply-chain-assessment.md | 0 .../sscsp-images/fig1.png | Bin .../sscsp-images/fig2.png | Bin .../sscsp-images/fig3.png | Bin .../sscsp-images/fig4.png | Bin .../sscsp-images/fig5.png | Bin .../sscsp-images/fig6.png | Bin .../sscsp-images/fig7.png | Bin .../sscsp-images/fig8.png | Bin .../sscsp-images/fig9.png | Bin .../supply-chain-security-paper/sscsp.md | 0 compliance/README.md | 68 ------------- policy-wg-merging.md | 23 ----- roadmap.md | 92 ------------------ safe_kubecon.md | 15 --- supply-chain-security/README.md | 33 ------- 237 files changed, 41 insertions(+), 245 deletions(-) rename {supply-chain-security => community/catalog}/compromises/1975/login-bell.md (100%) rename {supply-chain-security => community/catalog}/compromises/2003/debian.md (100%) rename {supply-chain-security => community/catalog}/compromises/2003/gentoo-rsync.md (100%) rename {supply-chain-security => community/catalog}/compromises/2003/kernel-repository.md (100%) rename {supply-chain-security => community/catalog}/compromises/2007/squirrelmail.md (100%) rename {supply-chain-security => community/catalog}/compromises/2007/wordpress.md (100%) rename {supply-chain-security => community/catalog}/compromises/2008/fedora.md (100%) rename {supply-chain-security => community/catalog}/compromises/2010/apache.md (100%) rename {supply-chain-security => community/catalog}/compromises/2010/aurora.md (100%) rename {supply-chain-security => community/catalog}/compromises/2010/fsf-website.md (100%) rename {supply-chain-security => community/catalog}/compromises/2010/proftpd.md (100%) rename {supply-chain-security => community/catalog}/compromises/2011/kernelorg.md (100%) rename {supply-chain-security => 
community/catalog}/compromises/2012/ruby-on-rails-github.md (100%) rename {supply-chain-security => community/catalog}/compromises/2013/apt.md (100%) rename {supply-chain-security => community/catalog}/compromises/2014/code-spaces.md (100%) rename {supply-chain-security => community/catalog}/compromises/2014/monju.md (100%) rename {supply-chain-security => community/catalog}/compromises/2015/ceph-and-inktank.md (100%) rename {supply-chain-security => community/catalog}/compromises/2015/juniper.md (100%) rename {supply-chain-security => community/catalog}/compromises/2015/xcodeghost.md (100%) rename {supply-chain-security => community/catalog}/compromises/2016/fosshub.md (100%) rename {supply-chain-security => community/catalog}/compromises/2016/gh-unicode.md (100%) rename {supply-chain-security => community/catalog}/compromises/2016/keydnap.md (100%) rename {supply-chain-security => community/catalog}/compromises/2016/mint.md (100%) rename {supply-chain-security => community/catalog}/compromises/2017/bitcoingold.md (100%) rename {supply-chain-security => community/catalog}/compromises/2017/ccleaner.md (100%) rename {supply-chain-security => community/catalog}/compromises/2017/elmedia.md (100%) rename {supply-chain-security => community/catalog}/compromises/2017/expensivewall.md (100%) rename {supply-chain-security => community/catalog}/compromises/2017/hacktask.md (100%) rename {supply-chain-security => community/catalog}/compromises/2017/handbrake.md (100%) rename {supply-chain-security => community/catalog}/compromises/2017/kingslayer.md (100%) rename {supply-chain-security => community/catalog}/compromises/2017/notpetya.md (100%) rename {supply-chain-security => community/catalog}/compromises/2018/aur.md (100%) rename {supply-chain-security => community/catalog}/compromises/2018/colourama.md (100%) rename {supply-chain-security => community/catalog}/compromises/2018/dofoil.md (100%) rename {supply-chain-security => 
community/catalog}/compromises/2018/event_stream.md (100%) rename {supply-chain-security => community/catalog}/compromises/2018/gentoo.md (100%) rename {supply-chain-security => community/catalog}/compromises/2018/gogetu.md (100%) rename {supply-chain-security => community/catalog}/compromises/2018/operation-red.md (100%) rename {supply-chain-security => community/catalog}/compromises/2018/unnamed-maker.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/canonical-github.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/electron-native-notify.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/monero.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/pear.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/purescript-npm.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/pypi.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/ros.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/shadowhammer.md (100%) rename {supply-chain-security => community/catalog}/compromises/2019/webmin-backdoor.md (100%) rename {supply-chain-security => community/catalog}/compromises/2020/nodejs.md (100%) rename {supply-chain-security => community/catalog}/compromises/2020/octopus_scanner.md (100%) rename {supply-chain-security => community/catalog}/compromises/2020/solarwinds.md (100%) rename {supply-chain-security => community/catalog}/compromises/2020/sonarqube.md (100%) rename {supply-chain-security => community/catalog}/compromises/2020/thegreatsuspender.md (100%) rename {supply-chain-security => community/catalog}/compromises/2020/trojanized-fdm.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/coa-rc.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/codecov.md (100%) rename {supply-chain-security => 
community/catalog}/compromises/2021/homebrew.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/klow-klown-okhsa.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/log4j.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/php.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/repojacking.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/travis-ci.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/ua-parser-js.md (100%) rename {supply-chain-security => community/catalog}/compromises/2021/vscode.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/Comm100-live-chat-trojan.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/auth0-source-code-leak.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/ctx-and-phpass.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/docker-hub-malicious-containers.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/dropbox-github-account-breach.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/fantasy.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/golang-buildpacks-compiler.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/intel-alder-lake-BIOS-leak.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/js-faker-colors.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/node-ipc-peacenotwar.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/okta-github-repo-leak.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/php-pear-compromise.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/pypi-malicious-packages.md (100%) 
rename {supply-chain-security => community/catalog}/compromises/2022/ruby-override.md (100%) rename {supply-chain-security => community/catalog}/compromises/2022/wp-apthemes.md (100%) rename {supply-chain-security => community/catalog}/compromises/2023/fake-dependabot.md (100%) rename {supply-chain-security => community/catalog}/compromises/2023/mathjs-min.md (100%) rename {supply-chain-security => community/catalog}/compromises/2023/packagist-maintainer-takeover.md (100%) rename {supply-chain-security => community/catalog}/compromises/2023/retool-portal-mfa.md (100%) rename {supply-chain-security => community/catalog}/compromises/2023/xmlsec-manageengine.md (100%) rename {supply-chain-security => community/catalog}/compromises/2024/gitgot.md (100%) rename {supply-chain-security => community/catalog}/compromises/2024/laixi-3proxy.md (100%) rename {supply-chain-security => community/catalog}/compromises/2024/targeted-signed-endoor.md (100%) rename {supply-chain-security => community/catalog}/compromises/2024/xz.md (100%) rename {supply-chain-security => community/catalog}/compromises/README.md (100%) rename {supply-chain-security => community/catalog}/compromises/compromise-definitions.md (100%) rename cloud_native_security.md => community/events/cloud_native_security.md (100%) rename past-events.md => community/events/past-events.md (100%) rename {publications => community/publications}/README.md (100%) rename {audio-versions => community/publications/audio-versions}/README.md (100%) rename {publications => community/publications}/authoring-guidelines.md (100%) rename {publications => community/publications}/paper-process.md (100%) rename {publications => community/publications}/publishing-protocols.md (100%) rename {design => community/resources/design}/README.md (100%) rename {design => community/resources/design}/colors/#141419.png (100%) rename {design => community/resources/design}/colors/#152356.png (100%) rename {design => 
community/resources/design}/colors/#389BB2.png (100%) rename {design => community/resources/design}/colors/#474756.png (100%) rename {design => community/resources/design}/colors/#4A6CA4.png (100%) rename {design => community/resources/design}/colors/#6F6F7F.png (100%) rename {design => community/resources/design}/colors/#85C2D2.png (100%) rename {design => community/resources/design}/colors/#D81637.png (100%) rename {design => community/resources/design}/colors/#F7C906.png (100%) rename {design => community/resources/design}/colors/#F98903.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-horizontal-color.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-horizontal-color.svg (100%) rename {design => community/resources/design}/logo/cloud-native-security-horizontal-darkmodesafe.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-horizontal-darkmodesafe.svg (100%) rename {design => community/resources/design}/logo/cloud-native-security-horizontal-white-display.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-horizontal-white.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-horizontal-white.svg (100%) rename {design => community/resources/design}/logo/cloud-native-security-icon-color.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-icon-color.svg (100%) rename {design => community/resources/design}/logo/cloud-native-security-icon-white-display.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-icon-white.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-icon-white.svg (100%) rename {design => community/resources/design}/logo/cloud-native-security-stacked-color.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-stacked-color.svg (100%) rename {design => 
community/resources/design}/logo/cloud-native-security-stacked-white-display.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-stacked-white.png (100%) rename {design => community/resources/design}/logo/cloud-native-security-stacked-white.svg (100%) rename {landscape => community/resources/landscape}/README.md (100%) rename {landscape => community/resources/landscape}/approach.md (100%) rename {landscape => community/resources/landscape}/categories.md (100%) rename {project-resources => community/resources/project-resources}/README.md (100%) rename {project-resources => community/resources/project-resources}/templates/ISSUE_TEMPLATE.md (100%) rename {project-resources => community/resources/project-resources}/templates/SECURITY.md (100%) rename {project-resources => community/resources/project-resources}/templates/SECURITY_CONTACTS.md (100%) rename {project-resources => community/resources/project-resources}/templates/embargo-policy.md (100%) rename {project-resources => community/resources/project-resources}/templates/embargo.md (100%) rename {project-resources => community/resources/project-resources}/templates/incident-response.md (100%) rename {provenance-implementation => community/resources/provenance-implementation}/README.md (100%) rename {provenance-implementation => community/resources/provenance-implementation}/argo/argo-cd.md (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/README.md (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/build.sh (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/fuzzing-handbook.md (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/handbook-fuzzing.pdf (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Code-coverage-of-example-project.png (100%) rename {security-fuzzing-handbook => 
community/resources/security-fuzzing-handbook}/imgs/Coverage-guided-fuzzing-overview.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Function-level-fuzzing-introspection.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Fuzzing-code-coverage-report.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Fuzzing-key-components.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Historical-progession-of-example-project.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/LibFuzzer-engine-overview.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Minimized-testcase-provided-per-issue.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Monorail-issues-are-closed-automatically.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/OSS-Fuzz-GitHub-bot-automatically-closes-issus.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/OSS-Fuzz-GitHub-bot-reporting-an-issue.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/OSS-Fuzz-detailed-stack-trace.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/OSS-Fuzz-issue-overview.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Open-source-fuzz-introspection-overview.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/Source-level-code-coverage.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/cncf-logo-footer.png (100%) rename {security-fuzzing-handbook => 
community/resources/security-fuzzing-handbook}/imgs/cncf-stacked-color.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/envoy-introspector-profile.png (100%) rename {security-fuzzing-handbook => community/resources/security-fuzzing-handbook}/imgs/vitess-fuzzing-landscape.png (100%) rename {security-lexicon => community/resources/security-lexicon}/README.md (100%) rename {security-lexicon => community/resources/security-lexicon}/cloud-native-security-lexicon.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/README.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/cnsmap/README.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/secure-defaults-cloud-native-8.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/CNCF_cloud-native-security-whitepaper-Nov2020.pdf (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/cloud-native-security-whitepaper-brazilian-portugese.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/cloud-native-security-whitepaper-simplified-chinese.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/cloud-native-security-whitepaper-spanish.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/cloud-native-security-whitepaper.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/cnswp-images/RackMultipart20201111_figure1.png (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/cnswp-images/RackMultipart20201111_figure2.png (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/cnswp-images/RackMultipart20201111_figure3.png (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/cnswp-images/RackMultipart20201111_figure4.png (100%) rename 
{security-whitepaper => community/resources/security-whitepaper}/v1/cnswp-images/RackMultipart20201111_figure5.png (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v1/secure-software-factory.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/CNCF_cloud-native-security-whitepaper-cn-Sept2023-v2.pdf (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/CNCF_cloud-native-security-whitepaper-it-May2023-v2.pdf (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cloud-native-security-whitepaper-it.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cloud-native-security-whitepaper-ja.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cloud-native-security-whitepaper-simplified-chinese.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cloud-native-security-whitepaper.md (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cnswp-images/cnswp-v2-figure1.png (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cnswp-images/cnswp-v2-security-structural-model-deploy.png (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cnswp-images/cnswp-v2-security-structural-model-develop.png (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cnswp-images/cnswp-v2-security-structural-model-distribute.png (100%) rename {security-whitepaper => community/resources/security-whitepaper}/v2/cnswp-images/cnswp-v2-security-structural-model-runtime.png (100%) rename {usecase-personas => community/resources/usecase-personas}/README.md (100%) rename {usecase-personas => 
community/resources/usecase-personas}/references/admin-bill-of-rights.md (100%) delete mode 100644 community/supply-chain-security/README.md rename {policy => community/working-groups/archive/policy}/PolicyFormalVerificationDiagram.png (100%) rename {policy => community/working-groups/archive/policy}/overview-formal-verification.png (100%) rename {policy => community/working-groups/archive/policy}/overview-policy-build-time-dependency-vulns.md (100%) rename {policy => community/working-groups/archive/policy}/overview-policy-formal-verification.md (100%) rename community/{ => working-groups}/automated-governance/README.md (100%) rename community/{ => working-groups}/compliance/README.md (100%) rename community/{ => working-groups}/controls/README.md (100%) rename {cloud-native-controls => community/working-groups/controls}/phase-one-announcement.md (100%) rename community/{ => working-groups}/research/README.md (100%) create mode 100644 community/working-groups/supply-chain-security/README.md rename {supply-chain-security => community/working-groups/supply-chain-security}/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/secure-software-factory/images/image1.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/secure-software-factory/images/image2.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/secure-software-factory/images/image3.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/secure-software-factory/images/image4.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/secure-software-factory/images/image5.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/secure-software-factory/images/image6.png (100%) rename {supply-chain-security => 
community/working-groups/supply-chain-security}/secure-software-factory/images/image7.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/secure-software-factory/secure-software-factory.md (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/CNCF_SSCP_v1.pdf (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/README.md (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig1.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig2.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig3.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig4.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig5.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig6.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig7.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig8.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/fig9.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/secure-supply-chain-assessment.md (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig1.png (100%) rename {supply-chain-security => 
community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig2.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig3.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig4.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig5.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig6.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig7.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig8.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp-images/fig9.png (100%) rename {supply-chain-security => community/working-groups/supply-chain-security}/supply-chain-security-paper/sscsp.md (100%) delete mode 100644 compliance/README.md delete mode 100644 policy-wg-merging.md delete mode 100644 roadmap.md delete mode 100644 safe_kubecon.md delete mode 100644 supply-chain-security/README.md diff --git a/supply-chain-security/compromises/1975/login-bell.md b/community/catalog/compromises/1975/login-bell.md similarity index 100% rename from supply-chain-security/compromises/1975/login-bell.md rename to community/catalog/compromises/1975/login-bell.md diff --git a/supply-chain-security/compromises/2003/debian.md b/community/catalog/compromises/2003/debian.md similarity index 100% rename from supply-chain-security/compromises/2003/debian.md rename to community/catalog/compromises/2003/debian.md 
diff --git a/supply-chain-security/compromises/2003/gentoo-rsync.md b/community/catalog/compromises/2003/gentoo-rsync.md similarity index 100% rename from supply-chain-security/compromises/2003/gentoo-rsync.md rename to community/catalog/compromises/2003/gentoo-rsync.md diff --git a/supply-chain-security/compromises/2003/kernel-repository.md b/community/catalog/compromises/2003/kernel-repository.md similarity index 100% rename from supply-chain-security/compromises/2003/kernel-repository.md rename to community/catalog/compromises/2003/kernel-repository.md diff --git a/supply-chain-security/compromises/2007/squirrelmail.md b/community/catalog/compromises/2007/squirrelmail.md similarity index 100% rename from supply-chain-security/compromises/2007/squirrelmail.md rename to community/catalog/compromises/2007/squirrelmail.md diff --git a/supply-chain-security/compromises/2007/wordpress.md b/community/catalog/compromises/2007/wordpress.md similarity index 100% rename from supply-chain-security/compromises/2007/wordpress.md rename to community/catalog/compromises/2007/wordpress.md diff --git a/supply-chain-security/compromises/2008/fedora.md b/community/catalog/compromises/2008/fedora.md similarity index 100% rename from supply-chain-security/compromises/2008/fedora.md rename to community/catalog/compromises/2008/fedora.md diff --git a/supply-chain-security/compromises/2010/apache.md b/community/catalog/compromises/2010/apache.md similarity index 100% rename from supply-chain-security/compromises/2010/apache.md rename to community/catalog/compromises/2010/apache.md diff --git a/supply-chain-security/compromises/2010/aurora.md b/community/catalog/compromises/2010/aurora.md similarity index 100% rename from supply-chain-security/compromises/2010/aurora.md rename to community/catalog/compromises/2010/aurora.md 
diff --git a/supply-chain-security/compromises/2010/fsf-website.md b/community/catalog/compromises/2010/fsf-website.md similarity index 100% rename from supply-chain-security/compromises/2010/fsf-website.md rename to community/catalog/compromises/2010/fsf-website.md diff --git a/supply-chain-security/compromises/2010/proftpd.md b/community/catalog/compromises/2010/proftpd.md similarity index 100% rename from supply-chain-security/compromises/2010/proftpd.md rename to community/catalog/compromises/2010/proftpd.md diff --git a/supply-chain-security/compromises/2011/kernelorg.md b/community/catalog/compromises/2011/kernelorg.md similarity index 100% rename from supply-chain-security/compromises/2011/kernelorg.md rename to community/catalog/compromises/2011/kernelorg.md diff --git a/supply-chain-security/compromises/2012/ruby-on-rails-github.md b/community/catalog/compromises/2012/ruby-on-rails-github.md similarity index 100% rename from supply-chain-security/compromises/2012/ruby-on-rails-github.md rename to community/catalog/compromises/2012/ruby-on-rails-github.md diff --git a/supply-chain-security/compromises/2013/apt.md b/community/catalog/compromises/2013/apt.md similarity index 100% rename from supply-chain-security/compromises/2013/apt.md rename to community/catalog/compromises/2013/apt.md diff --git a/supply-chain-security/compromises/2014/code-spaces.md b/community/catalog/compromises/2014/code-spaces.md similarity index 100% rename from supply-chain-security/compromises/2014/code-spaces.md rename to community/catalog/compromises/2014/code-spaces.md diff --git a/supply-chain-security/compromises/2014/monju.md b/community/catalog/compromises/2014/monju.md similarity index 100% rename from supply-chain-security/compromises/2014/monju.md rename to community/catalog/compromises/2014/monju.md 
diff --git a/supply-chain-security/compromises/2015/ceph-and-inktank.md b/community/catalog/compromises/2015/ceph-and-inktank.md similarity index 100% rename from supply-chain-security/compromises/2015/ceph-and-inktank.md rename to community/catalog/compromises/2015/ceph-and-inktank.md diff --git a/supply-chain-security/compromises/2015/juniper.md b/community/catalog/compromises/2015/juniper.md similarity index 100% rename from supply-chain-security/compromises/2015/juniper.md rename to community/catalog/compromises/2015/juniper.md diff --git a/supply-chain-security/compromises/2015/xcodeghost.md b/community/catalog/compromises/2015/xcodeghost.md similarity index 100% rename from supply-chain-security/compromises/2015/xcodeghost.md rename to community/catalog/compromises/2015/xcodeghost.md diff --git a/supply-chain-security/compromises/2016/fosshub.md b/community/catalog/compromises/2016/fosshub.md similarity index 100% rename from supply-chain-security/compromises/2016/fosshub.md rename to community/catalog/compromises/2016/fosshub.md diff --git a/supply-chain-security/compromises/2016/gh-unicode.md b/community/catalog/compromises/2016/gh-unicode.md similarity index 100% rename from supply-chain-security/compromises/2016/gh-unicode.md rename to community/catalog/compromises/2016/gh-unicode.md diff --git a/supply-chain-security/compromises/2016/keydnap.md b/community/catalog/compromises/2016/keydnap.md similarity index 100% rename from supply-chain-security/compromises/2016/keydnap.md rename to community/catalog/compromises/2016/keydnap.md diff --git a/supply-chain-security/compromises/2016/mint.md b/community/catalog/compromises/2016/mint.md similarity index 100% rename from supply-chain-security/compromises/2016/mint.md rename to community/catalog/compromises/2016/mint.md 
diff --git a/supply-chain-security/compromises/2017/bitcoingold.md b/community/catalog/compromises/2017/bitcoingold.md similarity index 100% rename from supply-chain-security/compromises/2017/bitcoingold.md rename to community/catalog/compromises/2017/bitcoingold.md diff --git a/supply-chain-security/compromises/2017/ccleaner.md b/community/catalog/compromises/2017/ccleaner.md similarity index 100% rename from supply-chain-security/compromises/2017/ccleaner.md rename to community/catalog/compromises/2017/ccleaner.md diff --git a/supply-chain-security/compromises/2017/elmedia.md b/community/catalog/compromises/2017/elmedia.md similarity index 100% rename from supply-chain-security/compromises/2017/elmedia.md rename to community/catalog/compromises/2017/elmedia.md diff --git a/supply-chain-security/compromises/2017/expensivewall.md b/community/catalog/compromises/2017/expensivewall.md similarity index 100% rename from supply-chain-security/compromises/2017/expensivewall.md rename to community/catalog/compromises/2017/expensivewall.md diff --git a/supply-chain-security/compromises/2017/hacktask.md b/community/catalog/compromises/2017/hacktask.md similarity index 100% rename from supply-chain-security/compromises/2017/hacktask.md rename to community/catalog/compromises/2017/hacktask.md diff --git a/supply-chain-security/compromises/2017/handbrake.md b/community/catalog/compromises/2017/handbrake.md similarity index 100% rename from supply-chain-security/compromises/2017/handbrake.md rename to community/catalog/compromises/2017/handbrake.md diff --git a/supply-chain-security/compromises/2017/kingslayer.md b/community/catalog/compromises/2017/kingslayer.md similarity index 100% rename from supply-chain-security/compromises/2017/kingslayer.md rename to community/catalog/compromises/2017/kingslayer.md 
diff --git a/supply-chain-security/compromises/2017/notpetya.md b/community/catalog/compromises/2017/notpetya.md similarity index 100% rename from supply-chain-security/compromises/2017/notpetya.md rename to community/catalog/compromises/2017/notpetya.md diff --git a/supply-chain-security/compromises/2018/aur.md b/community/catalog/compromises/2018/aur.md similarity index 100% rename from supply-chain-security/compromises/2018/aur.md rename to community/catalog/compromises/2018/aur.md diff --git a/supply-chain-security/compromises/2018/colourama.md b/community/catalog/compromises/2018/colourama.md similarity index 100% rename from supply-chain-security/compromises/2018/colourama.md rename to community/catalog/compromises/2018/colourama.md diff --git a/supply-chain-security/compromises/2018/dofoil.md b/community/catalog/compromises/2018/dofoil.md similarity index 100% rename from supply-chain-security/compromises/2018/dofoil.md rename to community/catalog/compromises/2018/dofoil.md diff --git a/supply-chain-security/compromises/2018/event_stream.md b/community/catalog/compromises/2018/event_stream.md similarity index 100% rename from supply-chain-security/compromises/2018/event_stream.md rename to community/catalog/compromises/2018/event_stream.md diff --git a/supply-chain-security/compromises/2018/gentoo.md b/community/catalog/compromises/2018/gentoo.md similarity index 100% rename from supply-chain-security/compromises/2018/gentoo.md rename to community/catalog/compromises/2018/gentoo.md diff --git a/supply-chain-security/compromises/2018/gogetu.md b/community/catalog/compromises/2018/gogetu.md similarity index 100% rename from supply-chain-security/compromises/2018/gogetu.md rename to community/catalog/compromises/2018/gogetu.md 
diff --git a/supply-chain-security/compromises/2018/operation-red.md b/community/catalog/compromises/2018/operation-red.md similarity index 100% rename from supply-chain-security/compromises/2018/operation-red.md rename to community/catalog/compromises/2018/operation-red.md diff --git a/supply-chain-security/compromises/2018/unnamed-maker.md b/community/catalog/compromises/2018/unnamed-maker.md similarity index 100% rename from supply-chain-security/compromises/2018/unnamed-maker.md rename to community/catalog/compromises/2018/unnamed-maker.md diff --git a/supply-chain-security/compromises/2019/canonical-github.md b/community/catalog/compromises/2019/canonical-github.md similarity index 100% rename from supply-chain-security/compromises/2019/canonical-github.md rename to community/catalog/compromises/2019/canonical-github.md diff --git a/supply-chain-security/compromises/2019/electron-native-notify.md b/community/catalog/compromises/2019/electron-native-notify.md similarity index 100% rename from supply-chain-security/compromises/2019/electron-native-notify.md rename to community/catalog/compromises/2019/electron-native-notify.md diff --git a/supply-chain-security/compromises/2019/monero.md b/community/catalog/compromises/2019/monero.md similarity index 100% rename from supply-chain-security/compromises/2019/monero.md rename to community/catalog/compromises/2019/monero.md diff --git a/supply-chain-security/compromises/2019/pear.md b/community/catalog/compromises/2019/pear.md similarity index 100% rename from supply-chain-security/compromises/2019/pear.md rename to community/catalog/compromises/2019/pear.md diff --git a/supply-chain-security/compromises/2019/purescript-npm.md b/community/catalog/compromises/2019/purescript-npm.md similarity index 100% rename from supply-chain-security/compromises/2019/purescript-npm.md rename to community/catalog/compromises/2019/purescript-npm.md 
diff --git a/supply-chain-security/compromises/2019/pypi.md b/community/catalog/compromises/2019/pypi.md similarity index 100% rename from supply-chain-security/compromises/2019/pypi.md rename to community/catalog/compromises/2019/pypi.md diff --git a/supply-chain-security/compromises/2019/ros.md b/community/catalog/compromises/2019/ros.md similarity index 100% rename from supply-chain-security/compromises/2019/ros.md rename to community/catalog/compromises/2019/ros.md diff --git a/supply-chain-security/compromises/2019/shadowhammer.md b/community/catalog/compromises/2019/shadowhammer.md similarity index 100% rename from supply-chain-security/compromises/2019/shadowhammer.md rename to community/catalog/compromises/2019/shadowhammer.md diff --git a/supply-chain-security/compromises/2019/webmin-backdoor.md b/community/catalog/compromises/2019/webmin-backdoor.md similarity index 100% rename from supply-chain-security/compromises/2019/webmin-backdoor.md rename to community/catalog/compromises/2019/webmin-backdoor.md diff --git a/supply-chain-security/compromises/2020/nodejs.md b/community/catalog/compromises/2020/nodejs.md similarity index 100% rename from supply-chain-security/compromises/2020/nodejs.md rename to community/catalog/compromises/2020/nodejs.md diff --git a/supply-chain-security/compromises/2020/octopus_scanner.md b/community/catalog/compromises/2020/octopus_scanner.md similarity index 100% rename from supply-chain-security/compromises/2020/octopus_scanner.md rename to community/catalog/compromises/2020/octopus_scanner.md diff --git a/supply-chain-security/compromises/2020/solarwinds.md b/community/catalog/compromises/2020/solarwinds.md similarity index 100% rename from supply-chain-security/compromises/2020/solarwinds.md rename to community/catalog/compromises/2020/solarwinds.md 
diff --git a/supply-chain-security/compromises/2020/sonarqube.md b/community/catalog/compromises/2020/sonarqube.md similarity index 100% rename from supply-chain-security/compromises/2020/sonarqube.md rename to community/catalog/compromises/2020/sonarqube.md diff --git a/supply-chain-security/compromises/2020/thegreatsuspender.md b/community/catalog/compromises/2020/thegreatsuspender.md similarity index 100% rename from supply-chain-security/compromises/2020/thegreatsuspender.md rename to community/catalog/compromises/2020/thegreatsuspender.md diff --git a/supply-chain-security/compromises/2020/trojanized-fdm.md b/community/catalog/compromises/2020/trojanized-fdm.md similarity index 100% rename from supply-chain-security/compromises/2020/trojanized-fdm.md rename to community/catalog/compromises/2020/trojanized-fdm.md diff --git a/supply-chain-security/compromises/2021/coa-rc.md b/community/catalog/compromises/2021/coa-rc.md similarity index 100% rename from supply-chain-security/compromises/2021/coa-rc.md rename to community/catalog/compromises/2021/coa-rc.md diff --git a/supply-chain-security/compromises/2021/codecov.md b/community/catalog/compromises/2021/codecov.md similarity index 100% rename from supply-chain-security/compromises/2021/codecov.md rename to community/catalog/compromises/2021/codecov.md diff --git a/supply-chain-security/compromises/2021/homebrew.md b/community/catalog/compromises/2021/homebrew.md similarity index 100% rename from supply-chain-security/compromises/2021/homebrew.md rename to community/catalog/compromises/2021/homebrew.md diff --git a/supply-chain-security/compromises/2021/klow-klown-okhsa.md b/community/catalog/compromises/2021/klow-klown-okhsa.md similarity index 100% rename from supply-chain-security/compromises/2021/klow-klown-okhsa.md rename to community/catalog/compromises/2021/klow-klown-okhsa.md 
diff --git a/supply-chain-security/compromises/2021/log4j.md b/community/catalog/compromises/2021/log4j.md similarity index 100% rename from supply-chain-security/compromises/2021/log4j.md rename to community/catalog/compromises/2021/log4j.md diff --git a/supply-chain-security/compromises/2021/php.md b/community/catalog/compromises/2021/php.md similarity index 100% rename from supply-chain-security/compromises/2021/php.md rename to community/catalog/compromises/2021/php.md diff --git a/supply-chain-security/compromises/2021/repojacking.md b/community/catalog/compromises/2021/repojacking.md similarity index 100% rename from supply-chain-security/compromises/2021/repojacking.md rename to community/catalog/compromises/2021/repojacking.md diff --git a/supply-chain-security/compromises/2021/travis-ci.md b/community/catalog/compromises/2021/travis-ci.md similarity index 100% rename from supply-chain-security/compromises/2021/travis-ci.md rename to community/catalog/compromises/2021/travis-ci.md diff --git a/supply-chain-security/compromises/2021/ua-parser-js.md b/community/catalog/compromises/2021/ua-parser-js.md similarity index 100% rename from supply-chain-security/compromises/2021/ua-parser-js.md rename to community/catalog/compromises/2021/ua-parser-js.md diff --git a/supply-chain-security/compromises/2021/vscode.md b/community/catalog/compromises/2021/vscode.md similarity index 100% rename from supply-chain-security/compromises/2021/vscode.md rename to community/catalog/compromises/2021/vscode.md diff --git a/supply-chain-security/compromises/2022/Comm100-live-chat-trojan.md b/community/catalog/compromises/2022/Comm100-live-chat-trojan.md similarity index 100% rename from supply-chain-security/compromises/2022/Comm100-live-chat-trojan.md rename to community/catalog/compromises/2022/Comm100-live-chat-trojan.md 
diff --git a/supply-chain-security/compromises/2022/auth0-source-code-leak.md b/community/catalog/compromises/2022/auth0-source-code-leak.md similarity index 100% rename from supply-chain-security/compromises/2022/auth0-source-code-leak.md rename to community/catalog/compromises/2022/auth0-source-code-leak.md diff --git a/supply-chain-security/compromises/2022/ctx-and-phpass.md b/community/catalog/compromises/2022/ctx-and-phpass.md similarity index 100% rename from supply-chain-security/compromises/2022/ctx-and-phpass.md rename to community/catalog/compromises/2022/ctx-and-phpass.md diff --git a/supply-chain-security/compromises/2022/docker-hub-malicious-containers.md b/community/catalog/compromises/2022/docker-hub-malicious-containers.md similarity index 100% rename from supply-chain-security/compromises/2022/docker-hub-malicious-containers.md rename to community/catalog/compromises/2022/docker-hub-malicious-containers.md diff --git a/supply-chain-security/compromises/2022/dropbox-github-account-breach.md b/community/catalog/compromises/2022/dropbox-github-account-breach.md similarity index 100% rename from supply-chain-security/compromises/2022/dropbox-github-account-breach.md rename to community/catalog/compromises/2022/dropbox-github-account-breach.md diff --git a/supply-chain-security/compromises/2022/fantasy.md b/community/catalog/compromises/2022/fantasy.md similarity index 100% rename from supply-chain-security/compromises/2022/fantasy.md rename to community/catalog/compromises/2022/fantasy.md diff --git a/supply-chain-security/compromises/2022/golang-buildpacks-compiler.md b/community/catalog/compromises/2022/golang-buildpacks-compiler.md similarity index 100% rename from supply-chain-security/compromises/2022/golang-buildpacks-compiler.md rename to community/catalog/compromises/2022/golang-buildpacks-compiler.md 
diff --git a/supply-chain-security/compromises/2022/intel-alder-lake-BIOS-leak.md b/community/catalog/compromises/2022/intel-alder-lake-BIOS-leak.md similarity index 100% rename from supply-chain-security/compromises/2022/intel-alder-lake-BIOS-leak.md rename to community/catalog/compromises/2022/intel-alder-lake-BIOS-leak.md diff --git a/supply-chain-security/compromises/2022/js-faker-colors.md b/community/catalog/compromises/2022/js-faker-colors.md similarity index 100% rename from supply-chain-security/compromises/2022/js-faker-colors.md rename to community/catalog/compromises/2022/js-faker-colors.md diff --git a/supply-chain-security/compromises/2022/node-ipc-peacenotwar.md b/community/catalog/compromises/2022/node-ipc-peacenotwar.md similarity index 100% rename from supply-chain-security/compromises/2022/node-ipc-peacenotwar.md rename to community/catalog/compromises/2022/node-ipc-peacenotwar.md diff --git a/supply-chain-security/compromises/2022/okta-github-repo-leak.md b/community/catalog/compromises/2022/okta-github-repo-leak.md similarity index 100% rename from supply-chain-security/compromises/2022/okta-github-repo-leak.md rename to community/catalog/compromises/2022/okta-github-repo-leak.md diff --git a/supply-chain-security/compromises/2022/php-pear-compromise.md b/community/catalog/compromises/2022/php-pear-compromise.md similarity index 100% rename from supply-chain-security/compromises/2022/php-pear-compromise.md rename to community/catalog/compromises/2022/php-pear-compromise.md diff --git a/supply-chain-security/compromises/2022/pypi-malicious-packages.md b/community/catalog/compromises/2022/pypi-malicious-packages.md similarity index 100% rename from supply-chain-security/compromises/2022/pypi-malicious-packages.md rename to community/catalog/compromises/2022/pypi-malicious-packages.md 
diff --git a/supply-chain-security/compromises/2022/ruby-override.md b/community/catalog/compromises/2022/ruby-override.md similarity index 100% rename from supply-chain-security/compromises/2022/ruby-override.md rename to community/catalog/compromises/2022/ruby-override.md diff --git a/supply-chain-security/compromises/2022/wp-apthemes.md b/community/catalog/compromises/2022/wp-apthemes.md similarity index 100% rename from supply-chain-security/compromises/2022/wp-apthemes.md rename to community/catalog/compromises/2022/wp-apthemes.md diff --git a/supply-chain-security/compromises/2023/fake-dependabot.md b/community/catalog/compromises/2023/fake-dependabot.md similarity index 100% rename from supply-chain-security/compromises/2023/fake-dependabot.md rename to community/catalog/compromises/2023/fake-dependabot.md diff --git a/supply-chain-security/compromises/2023/mathjs-min.md b/community/catalog/compromises/2023/mathjs-min.md similarity index 100% rename from supply-chain-security/compromises/2023/mathjs-min.md rename to community/catalog/compromises/2023/mathjs-min.md diff --git a/supply-chain-security/compromises/2023/packagist-maintainer-takeover.md b/community/catalog/compromises/2023/packagist-maintainer-takeover.md similarity index 100% rename from supply-chain-security/compromises/2023/packagist-maintainer-takeover.md rename to community/catalog/compromises/2023/packagist-maintainer-takeover.md diff --git a/supply-chain-security/compromises/2023/retool-portal-mfa.md b/community/catalog/compromises/2023/retool-portal-mfa.md similarity index 100% rename from supply-chain-security/compromises/2023/retool-portal-mfa.md rename to community/catalog/compromises/2023/retool-portal-mfa.md 
diff --git a/supply-chain-security/compromises/2023/xmlsec-manageengine.md b/community/catalog/compromises/2023/xmlsec-manageengine.md similarity index 100% rename from supply-chain-security/compromises/2023/xmlsec-manageengine.md rename to community/catalog/compromises/2023/xmlsec-manageengine.md diff --git a/supply-chain-security/compromises/2024/gitgot.md b/community/catalog/compromises/2024/gitgot.md similarity index 100% rename from supply-chain-security/compromises/2024/gitgot.md rename to community/catalog/compromises/2024/gitgot.md diff --git a/supply-chain-security/compromises/2024/laixi-3proxy.md b/community/catalog/compromises/2024/laixi-3proxy.md similarity index 100% rename from supply-chain-security/compromises/2024/laixi-3proxy.md rename to community/catalog/compromises/2024/laixi-3proxy.md diff --git a/supply-chain-security/compromises/2024/targeted-signed-endoor.md b/community/catalog/compromises/2024/targeted-signed-endoor.md similarity index 100% rename from supply-chain-security/compromises/2024/targeted-signed-endoor.md rename to community/catalog/compromises/2024/targeted-signed-endoor.md diff --git a/supply-chain-security/compromises/2024/xz.md b/community/catalog/compromises/2024/xz.md similarity index 100% rename from supply-chain-security/compromises/2024/xz.md rename to community/catalog/compromises/2024/xz.md diff --git a/supply-chain-security/compromises/README.md b/community/catalog/compromises/README.md similarity index 100% rename from supply-chain-security/compromises/README.md rename to community/catalog/compromises/README.md diff --git a/supply-chain-security/compromises/compromise-definitions.md b/community/catalog/compromises/compromise-definitions.md similarity index 100% rename from supply-chain-security/compromises/compromise-definitions.md rename to community/catalog/compromises/compromise-definitions.md 
diff --git a/cloud_native_security.md b/community/events/cloud_native_security.md similarity index 100% rename from cloud_native_security.md rename to community/events/cloud_native_security.md diff --git a/past-events.md b/community/events/past-events.md similarity index 100% rename from past-events.md rename to community/events/past-events.md diff --git a/publications/README.md b/community/publications/README.md similarity index 100% rename from publications/README.md rename to community/publications/README.md diff --git a/audio-versions/README.md b/community/publications/audio-versions/README.md similarity index 100% rename from audio-versions/README.md rename to community/publications/audio-versions/README.md diff --git a/publications/authoring-guidelines.md b/community/publications/authoring-guidelines.md similarity index 100% rename from publications/authoring-guidelines.md rename to community/publications/authoring-guidelines.md diff --git a/publications/paper-process.md b/community/publications/paper-process.md similarity index 100% rename from publications/paper-process.md rename to community/publications/paper-process.md diff --git a/publications/publishing-protocols.md b/community/publications/publishing-protocols.md similarity index 100% rename from publications/publishing-protocols.md rename to community/publications/publishing-protocols.md diff --git a/design/README.md b/community/resources/design/README.md similarity index 100% rename from design/README.md rename to community/resources/design/README.md diff --git a/design/colors/#141419.png b/community/resources/design/colors/#141419.png similarity index 100% rename from design/colors/#141419.png rename to community/resources/design/colors/#141419.png diff --git a/design/colors/#152356.png b/community/resources/design/colors/#152356.png similarity index 100% rename from design/colors/#152356.png rename to community/resources/design/colors/#152356.png 
diff --git a/design/colors/#389BB2.png b/community/resources/design/colors/#389BB2.png similarity index 100% rename from design/colors/#389BB2.png rename to community/resources/design/colors/#389BB2.png diff --git a/design/colors/#474756.png b/community/resources/design/colors/#474756.png similarity index 100% rename from design/colors/#474756.png rename to community/resources/design/colors/#474756.png diff --git a/design/colors/#4A6CA4.png b/community/resources/design/colors/#4A6CA4.png similarity index 100% rename from design/colors/#4A6CA4.png rename to community/resources/design/colors/#4A6CA4.png diff --git a/design/colors/#6F6F7F.png b/community/resources/design/colors/#6F6F7F.png similarity index 100% rename from design/colors/#6F6F7F.png rename to community/resources/design/colors/#6F6F7F.png diff --git a/design/colors/#85C2D2.png b/community/resources/design/colors/#85C2D2.png similarity index 100% rename from design/colors/#85C2D2.png rename to community/resources/design/colors/#85C2D2.png diff --git a/design/colors/#D81637.png b/community/resources/design/colors/#D81637.png similarity index 100% rename from design/colors/#D81637.png rename to community/resources/design/colors/#D81637.png diff --git a/design/colors/#F7C906.png b/community/resources/design/colors/#F7C906.png similarity index 100% rename from design/colors/#F7C906.png rename to community/resources/design/colors/#F7C906.png diff --git a/design/colors/#F98903.png b/community/resources/design/colors/#F98903.png similarity index 100% rename from design/colors/#F98903.png rename to community/resources/design/colors/#F98903.png diff --git a/design/logo/cloud-native-security-horizontal-color.png b/community/resources/design/logo/cloud-native-security-horizontal-color.png similarity index 100% rename from design/logo/cloud-native-security-horizontal-color.png rename to community/resources/design/logo/cloud-native-security-horizontal-color.png 
diff --git a/design/logo/cloud-native-security-horizontal-color.svg b/community/resources/design/logo/cloud-native-security-horizontal-color.svg similarity index 100% rename from design/logo/cloud-native-security-horizontal-color.svg rename to community/resources/design/logo/cloud-native-security-horizontal-color.svg diff --git a/design/logo/cloud-native-security-horizontal-darkmodesafe.png b/community/resources/design/logo/cloud-native-security-horizontal-darkmodesafe.png similarity index 100% rename from design/logo/cloud-native-security-horizontal-darkmodesafe.png rename to community/resources/design/logo/cloud-native-security-horizontal-darkmodesafe.png diff --git a/design/logo/cloud-native-security-horizontal-darkmodesafe.svg b/community/resources/design/logo/cloud-native-security-horizontal-darkmodesafe.svg similarity index 100% rename from design/logo/cloud-native-security-horizontal-darkmodesafe.svg rename to community/resources/design/logo/cloud-native-security-horizontal-darkmodesafe.svg diff --git a/design/logo/cloud-native-security-horizontal-white-display.png b/community/resources/design/logo/cloud-native-security-horizontal-white-display.png similarity index 100% rename from design/logo/cloud-native-security-horizontal-white-display.png rename to community/resources/design/logo/cloud-native-security-horizontal-white-display.png diff --git a/design/logo/cloud-native-security-horizontal-white.png b/community/resources/design/logo/cloud-native-security-horizontal-white.png similarity index 100% rename from design/logo/cloud-native-security-horizontal-white.png rename to community/resources/design/logo/cloud-native-security-horizontal-white.png 
diff --git a/design/logo/cloud-native-security-horizontal-white.svg b/community/resources/design/logo/cloud-native-security-horizontal-white.svg similarity index 100% rename from design/logo/cloud-native-security-horizontal-white.svg rename to community/resources/design/logo/cloud-native-security-horizontal-white.svg diff --git a/design/logo/cloud-native-security-icon-color.png b/community/resources/design/logo/cloud-native-security-icon-color.png similarity index 100% rename from design/logo/cloud-native-security-icon-color.png rename to community/resources/design/logo/cloud-native-security-icon-color.png diff --git a/design/logo/cloud-native-security-icon-color.svg b/community/resources/design/logo/cloud-native-security-icon-color.svg similarity index 100% rename from design/logo/cloud-native-security-icon-color.svg rename to community/resources/design/logo/cloud-native-security-icon-color.svg diff --git a/design/logo/cloud-native-security-icon-white-display.png b/community/resources/design/logo/cloud-native-security-icon-white-display.png similarity index 100% rename from design/logo/cloud-native-security-icon-white-display.png rename to community/resources/design/logo/cloud-native-security-icon-white-display.png diff --git a/design/logo/cloud-native-security-icon-white.png b/community/resources/design/logo/cloud-native-security-icon-white.png similarity index 100% rename from design/logo/cloud-native-security-icon-white.png rename to community/resources/design/logo/cloud-native-security-icon-white.png diff --git a/design/logo/cloud-native-security-icon-white.svg b/community/resources/design/logo/cloud-native-security-icon-white.svg similarity index 100% rename from design/logo/cloud-native-security-icon-white.svg rename to community/resources/design/logo/cloud-native-security-icon-white.svg 
diff --git a/design/logo/cloud-native-security-stacked-color.png b/community/resources/design/logo/cloud-native-security-stacked-color.png similarity index 100% rename from design/logo/cloud-native-security-stacked-color.png rename to community/resources/design/logo/cloud-native-security-stacked-color.png diff --git a/design/logo/cloud-native-security-stacked-color.svg b/community/resources/design/logo/cloud-native-security-stacked-color.svg similarity index 100% rename from design/logo/cloud-native-security-stacked-color.svg rename to community/resources/design/logo/cloud-native-security-stacked-color.svg diff --git a/design/logo/cloud-native-security-stacked-white-display.png b/community/resources/design/logo/cloud-native-security-stacked-white-display.png similarity index 100% rename from design/logo/cloud-native-security-stacked-white-display.png rename to community/resources/design/logo/cloud-native-security-stacked-white-display.png diff --git a/design/logo/cloud-native-security-stacked-white.png b/community/resources/design/logo/cloud-native-security-stacked-white.png similarity index 100% rename from design/logo/cloud-native-security-stacked-white.png rename to community/resources/design/logo/cloud-native-security-stacked-white.png diff --git a/design/logo/cloud-native-security-stacked-white.svg b/community/resources/design/logo/cloud-native-security-stacked-white.svg similarity index 100% rename from design/logo/cloud-native-security-stacked-white.svg rename to community/resources/design/logo/cloud-native-security-stacked-white.svg diff --git a/landscape/README.md b/community/resources/landscape/README.md similarity index 100% rename from landscape/README.md rename to community/resources/landscape/README.md diff --git a/landscape/approach.md b/community/resources/landscape/approach.md similarity index 100% rename from landscape/approach.md rename to community/resources/landscape/approach.md 
diff --git a/landscape/categories.md b/community/resources/landscape/categories.md similarity index 100% rename from landscape/categories.md rename to community/resources/landscape/categories.md diff --git a/project-resources/README.md b/community/resources/project-resources/README.md similarity index 100% rename from project-resources/README.md rename to community/resources/project-resources/README.md diff --git a/project-resources/templates/ISSUE_TEMPLATE.md b/community/resources/project-resources/templates/ISSUE_TEMPLATE.md similarity index 100% rename from project-resources/templates/ISSUE_TEMPLATE.md rename to community/resources/project-resources/templates/ISSUE_TEMPLATE.md diff --git a/project-resources/templates/SECURITY.md b/community/resources/project-resources/templates/SECURITY.md similarity index 100% rename from project-resources/templates/SECURITY.md rename to community/resources/project-resources/templates/SECURITY.md diff --git a/project-resources/templates/SECURITY_CONTACTS.md b/community/resources/project-resources/templates/SECURITY_CONTACTS.md similarity index 100% rename from project-resources/templates/SECURITY_CONTACTS.md rename to community/resources/project-resources/templates/SECURITY_CONTACTS.md diff --git a/project-resources/templates/embargo-policy.md b/community/resources/project-resources/templates/embargo-policy.md similarity index 100% rename from project-resources/templates/embargo-policy.md rename to community/resources/project-resources/templates/embargo-policy.md diff --git a/project-resources/templates/embargo.md b/community/resources/project-resources/templates/embargo.md similarity index 100% rename from project-resources/templates/embargo.md rename to community/resources/project-resources/templates/embargo.md 
diff --git a/project-resources/templates/incident-response.md b/community/resources/project-resources/templates/incident-response.md similarity index 100% rename from project-resources/templates/incident-response.md rename to community/resources/project-resources/templates/incident-response.md diff --git a/provenance-implementation/README.md b/community/resources/provenance-implementation/README.md similarity index 100% rename from provenance-implementation/README.md rename to community/resources/provenance-implementation/README.md diff --git a/provenance-implementation/argo/argo-cd.md b/community/resources/provenance-implementation/argo/argo-cd.md similarity index 100% rename from provenance-implementation/argo/argo-cd.md rename to community/resources/provenance-implementation/argo/argo-cd.md diff --git a/security-fuzzing-handbook/README.md b/community/resources/security-fuzzing-handbook/README.md similarity index 100% rename from security-fuzzing-handbook/README.md rename to community/resources/security-fuzzing-handbook/README.md diff --git a/security-fuzzing-handbook/build.sh b/community/resources/security-fuzzing-handbook/build.sh similarity index 100% rename from security-fuzzing-handbook/build.sh rename to community/resources/security-fuzzing-handbook/build.sh diff --git a/security-fuzzing-handbook/fuzzing-handbook.md b/community/resources/security-fuzzing-handbook/fuzzing-handbook.md similarity index 100% rename from security-fuzzing-handbook/fuzzing-handbook.md rename to community/resources/security-fuzzing-handbook/fuzzing-handbook.md diff --git a/security-fuzzing-handbook/handbook-fuzzing.pdf b/community/resources/security-fuzzing-handbook/handbook-fuzzing.pdf similarity index 100% rename from security-fuzzing-handbook/handbook-fuzzing.pdf rename to community/resources/security-fuzzing-handbook/handbook-fuzzing.pdf 
diff --git a/security-fuzzing-handbook/imgs/Code-coverage-of-example-project.png b/community/resources/security-fuzzing-handbook/imgs/Code-coverage-of-example-project.png similarity index 100% rename from security-fuzzing-handbook/imgs/Code-coverage-of-example-project.png rename to community/resources/security-fuzzing-handbook/imgs/Code-coverage-of-example-project.png diff --git a/security-fuzzing-handbook/imgs/Coverage-guided-fuzzing-overview.png b/community/resources/security-fuzzing-handbook/imgs/Coverage-guided-fuzzing-overview.png similarity index 100% rename from security-fuzzing-handbook/imgs/Coverage-guided-fuzzing-overview.png rename to community/resources/security-fuzzing-handbook/imgs/Coverage-guided-fuzzing-overview.png diff --git a/security-fuzzing-handbook/imgs/Function-level-fuzzing-introspection.png b/community/resources/security-fuzzing-handbook/imgs/Function-level-fuzzing-introspection.png similarity index 100% rename from security-fuzzing-handbook/imgs/Function-level-fuzzing-introspection.png rename to community/resources/security-fuzzing-handbook/imgs/Function-level-fuzzing-introspection.png diff --git a/security-fuzzing-handbook/imgs/Fuzzing-code-coverage-report.png b/community/resources/security-fuzzing-handbook/imgs/Fuzzing-code-coverage-report.png similarity index 100% rename from security-fuzzing-handbook/imgs/Fuzzing-code-coverage-report.png rename to community/resources/security-fuzzing-handbook/imgs/Fuzzing-code-coverage-report.png diff --git a/security-fuzzing-handbook/imgs/Fuzzing-key-components.png b/community/resources/security-fuzzing-handbook/imgs/Fuzzing-key-components.png similarity index 100% rename from security-fuzzing-handbook/imgs/Fuzzing-key-components.png rename to community/resources/security-fuzzing-handbook/imgs/Fuzzing-key-components.png 
diff --git a/security-fuzzing-handbook/imgs/Historical-progession-of-example-project.png b/community/resources/security-fuzzing-handbook/imgs/Historical-progession-of-example-project.png similarity index 100% rename from security-fuzzing-handbook/imgs/Historical-progession-of-example-project.png rename to community/resources/security-fuzzing-handbook/imgs/Historical-progession-of-example-project.png diff --git a/security-fuzzing-handbook/imgs/LibFuzzer-engine-overview.png b/community/resources/security-fuzzing-handbook/imgs/LibFuzzer-engine-overview.png similarity index 100% rename from security-fuzzing-handbook/imgs/LibFuzzer-engine-overview.png rename to community/resources/security-fuzzing-handbook/imgs/LibFuzzer-engine-overview.png diff --git a/security-fuzzing-handbook/imgs/Minimized-testcase-provided-per-issue.png b/community/resources/security-fuzzing-handbook/imgs/Minimized-testcase-provided-per-issue.png similarity index 100% rename from security-fuzzing-handbook/imgs/Minimized-testcase-provided-per-issue.png rename to community/resources/security-fuzzing-handbook/imgs/Minimized-testcase-provided-per-issue.png diff --git a/security-fuzzing-handbook/imgs/Monorail-issues-are-closed-automatically.png b/community/resources/security-fuzzing-handbook/imgs/Monorail-issues-are-closed-automatically.png similarity index 100% rename from security-fuzzing-handbook/imgs/Monorail-issues-are-closed-automatically.png rename to community/resources/security-fuzzing-handbook/imgs/Monorail-issues-are-closed-automatically.png diff --git a/security-fuzzing-handbook/imgs/OSS-Fuzz-GitHub-bot-automatically-closes-issus.png b/community/resources/security-fuzzing-handbook/imgs/OSS-Fuzz-GitHub-bot-automatically-closes-issus.png similarity index 100% rename from security-fuzzing-handbook/imgs/OSS-Fuzz-GitHub-bot-automatically-closes-issus.png rename to community/resources/security-fuzzing-handbook/imgs/OSS-Fuzz-GitHub-bot-automatically-closes-issus.png 
diff --git a/security-fuzzing-handbook/imgs/OSS-Fuzz-GitHub-bot-reporting-an-issue.png b/community/resources/security-fuzzing-handbook/imgs/OSS-Fuzz-GitHub-bot-reporting-an-issue.png similarity index 100% rename from security-fuzzing-handbook/imgs/OSS-Fuzz-GitHub-bot-reporting-an-issue.png rename to community/resources/security-fuzzing-handbook/imgs/OSS-Fuzz-GitHub-bot-reporting-an-issue.png diff --git a/security-fuzzing-handbook/imgs/OSS-Fuzz-detailed-stack-trace.png b/community/resources/security-fuzzing-handbook/imgs/OSS-Fuzz-detailed-stack-trace.png similarity index 100% rename from security-fuzzing-handbook/imgs/OSS-Fuzz-detailed-stack-trace.png rename to community/resources/security-fuzzing-handbook/imgs/OSS-Fuzz-detailed-stack-trace.png diff --git a/security-fuzzing-handbook/imgs/OSS-Fuzz-issue-overview.png b/community/resources/security-fuzzing-handbook/imgs/OSS-Fuzz-issue-overview.png similarity index 100% rename from security-fuzzing-handbook/imgs/OSS-Fuzz-issue-overview.png rename to community/resources/security-fuzzing-handbook/imgs/OSS-Fuzz-issue-overview.png diff --git a/security-fuzzing-handbook/imgs/Open-source-fuzz-introspection-overview.png b/community/resources/security-fuzzing-handbook/imgs/Open-source-fuzz-introspection-overview.png similarity index 100% rename from security-fuzzing-handbook/imgs/Open-source-fuzz-introspection-overview.png rename to community/resources/security-fuzzing-handbook/imgs/Open-source-fuzz-introspection-overview.png diff --git a/security-fuzzing-handbook/imgs/Source-level-code-coverage.png b/community/resources/security-fuzzing-handbook/imgs/Source-level-code-coverage.png similarity index 100% rename from security-fuzzing-handbook/imgs/Source-level-code-coverage.png rename to community/resources/security-fuzzing-handbook/imgs/Source-level-code-coverage.png 
diff --git a/security-fuzzing-handbook/imgs/cncf-logo-footer.png b/community/resources/security-fuzzing-handbook/imgs/cncf-logo-footer.png similarity index 100% rename from security-fuzzing-handbook/imgs/cncf-logo-footer.png rename to community/resources/security-fuzzing-handbook/imgs/cncf-logo-footer.png diff --git a/security-fuzzing-handbook/imgs/cncf-stacked-color.png b/community/resources/security-fuzzing-handbook/imgs/cncf-stacked-color.png similarity index 100% rename from security-fuzzing-handbook/imgs/cncf-stacked-color.png rename to community/resources/security-fuzzing-handbook/imgs/cncf-stacked-color.png diff --git a/security-fuzzing-handbook/imgs/envoy-introspector-profile.png b/community/resources/security-fuzzing-handbook/imgs/envoy-introspector-profile.png similarity index 100% rename from security-fuzzing-handbook/imgs/envoy-introspector-profile.png rename to community/resources/security-fuzzing-handbook/imgs/envoy-introspector-profile.png diff --git a/security-fuzzing-handbook/imgs/vitess-fuzzing-landscape.png b/community/resources/security-fuzzing-handbook/imgs/vitess-fuzzing-landscape.png similarity index 100% rename from security-fuzzing-handbook/imgs/vitess-fuzzing-landscape.png rename to community/resources/security-fuzzing-handbook/imgs/vitess-fuzzing-landscape.png diff --git a/security-lexicon/README.md b/community/resources/security-lexicon/README.md similarity index 100% rename from security-lexicon/README.md rename to community/resources/security-lexicon/README.md diff --git a/security-lexicon/cloud-native-security-lexicon.md b/community/resources/security-lexicon/cloud-native-security-lexicon.md similarity index 100% rename from security-lexicon/cloud-native-security-lexicon.md rename to community/resources/security-lexicon/cloud-native-security-lexicon.md 
diff --git a/security-whitepaper/README.md b/community/resources/security-whitepaper/README.md similarity index 100% rename from security-whitepaper/README.md rename to community/resources/security-whitepaper/README.md diff --git a/security-whitepaper/cnsmap/README.md b/community/resources/security-whitepaper/cnsmap/README.md similarity index 100% rename from security-whitepaper/cnsmap/README.md rename to community/resources/security-whitepaper/cnsmap/README.md diff --git a/security-whitepaper/secure-defaults-cloud-native-8.md b/community/resources/security-whitepaper/secure-defaults-cloud-native-8.md similarity index 100% rename from security-whitepaper/secure-defaults-cloud-native-8.md rename to community/resources/security-whitepaper/secure-defaults-cloud-native-8.md diff --git a/security-whitepaper/v1/CNCF_cloud-native-security-whitepaper-Nov2020.pdf b/community/resources/security-whitepaper/v1/CNCF_cloud-native-security-whitepaper-Nov2020.pdf similarity index 100% rename from security-whitepaper/v1/CNCF_cloud-native-security-whitepaper-Nov2020.pdf rename to community/resources/security-whitepaper/v1/CNCF_cloud-native-security-whitepaper-Nov2020.pdf diff --git a/security-whitepaper/v1/cloud-native-security-whitepaper-brazilian-portugese.md b/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-brazilian-portugese.md similarity index 100% rename from security-whitepaper/v1/cloud-native-security-whitepaper-brazilian-portugese.md rename to community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-brazilian-portugese.md diff --git a/security-whitepaper/v1/cloud-native-security-whitepaper-simplified-chinese.md b/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-simplified-chinese.md similarity index 100% rename from security-whitepaper/v1/cloud-native-security-whitepaper-simplified-chinese.md rename to community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-simplified-chinese.md 
diff --git a/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md b/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md similarity index 100% rename from security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md rename to community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md diff --git a/security-whitepaper/v1/cloud-native-security-whitepaper.md b/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper.md similarity index 100% rename from security-whitepaper/v1/cloud-native-security-whitepaper.md rename to community/resources/security-whitepaper/v1/cloud-native-security-whitepaper.md diff --git a/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure1.png b/community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure1.png similarity index 100% rename from security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure1.png rename to community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure1.png diff --git a/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure2.png b/community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure2.png similarity index 100% rename from security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure2.png rename to community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure2.png diff --git a/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure3.png b/community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure3.png similarity index 100% rename from security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure3.png rename to community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure3.png 
diff --git a/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure4.png b/community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure4.png similarity index 100% rename from security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure4.png rename to community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure4.png diff --git a/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure5.png b/community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure5.png similarity index 100% rename from security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure5.png rename to community/resources/security-whitepaper/v1/cnswp-images/RackMultipart20201111_figure5.png diff --git a/security-whitepaper/v1/secure-software-factory.md b/community/resources/security-whitepaper/v1/secure-software-factory.md similarity index 100% rename from security-whitepaper/v1/secure-software-factory.md rename to community/resources/security-whitepaper/v1/secure-software-factory.md diff --git a/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf b/community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf similarity index 100% rename from security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf rename to community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf diff --git a/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-cn-Sept2023-v2.pdf b/community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-cn-Sept2023-v2.pdf similarity index 100% rename from security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-cn-Sept2023-v2.pdf rename to community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-cn-Sept2023-v2.pdf 
diff --git a/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-it-May2023-v2.pdf b/community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-it-May2023-v2.pdf similarity index 100% rename from security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-it-May2023-v2.pdf rename to community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-it-May2023-v2.pdf diff --git a/security-whitepaper/v2/cloud-native-security-whitepaper-it.md b/community/resources/security-whitepaper/v2/cloud-native-security-whitepaper-it.md similarity index 100% rename from security-whitepaper/v2/cloud-native-security-whitepaper-it.md rename to community/resources/security-whitepaper/v2/cloud-native-security-whitepaper-it.md diff --git a/security-whitepaper/v2/cloud-native-security-whitepaper-ja.md b/community/resources/security-whitepaper/v2/cloud-native-security-whitepaper-ja.md similarity index 100% rename from security-whitepaper/v2/cloud-native-security-whitepaper-ja.md rename to community/resources/security-whitepaper/v2/cloud-native-security-whitepaper-ja.md diff --git a/security-whitepaper/v2/cloud-native-security-whitepaper-simplified-chinese.md b/community/resources/security-whitepaper/v2/cloud-native-security-whitepaper-simplified-chinese.md similarity index 100% rename from security-whitepaper/v2/cloud-native-security-whitepaper-simplified-chinese.md rename to community/resources/security-whitepaper/v2/cloud-native-security-whitepaper-simplified-chinese.md diff --git a/security-whitepaper/v2/cloud-native-security-whitepaper.md b/community/resources/security-whitepaper/v2/cloud-native-security-whitepaper.md similarity index 100% rename from security-whitepaper/v2/cloud-native-security-whitepaper.md rename to community/resources/security-whitepaper/v2/cloud-native-security-whitepaper.md 
diff --git a/security-whitepaper/v2/cnswp-images/cnswp-v2-figure1.png b/community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-figure1.png similarity index 100% rename from security-whitepaper/v2/cnswp-images/cnswp-v2-figure1.png rename to community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-figure1.png diff --git a/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-deploy.png b/community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-deploy.png similarity index 100% rename from security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-deploy.png rename to community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-deploy.png diff --git a/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-develop.png b/community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-develop.png similarity index 100% rename from security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-develop.png rename to community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-develop.png diff --git a/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-distribute.png b/community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-distribute.png similarity index 100% rename from security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-distribute.png rename to community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-distribute.png 
diff --git a/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-runtime.png b/community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-runtime.png similarity index 100% rename from security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-runtime.png rename to community/resources/security-whitepaper/v2/cnswp-images/cnswp-v2-security-structural-model-runtime.png diff --git a/usecase-personas/README.md b/community/resources/usecase-personas/README.md similarity index 100% rename from usecase-personas/README.md rename to community/resources/usecase-personas/README.md diff --git a/usecase-personas/references/admin-bill-of-rights.md b/community/resources/usecase-personas/references/admin-bill-of-rights.md similarity index 100% rename from usecase-personas/references/admin-bill-of-rights.md rename to community/resources/usecase-personas/references/admin-bill-of-rights.md diff --git a/community/supply-chain-security/README.md b/community/supply-chain-security/README.md deleted file mode 100644 index 1cd84d8e1..000000000 --- a/community/supply-chain-security/README.md +++ /dev/null 
@@ -1,14 +0,0 @@ -# Software Supply Chain Security - -Software Supply Chain attacks have come to the wider community's attention following a recent high-profile attack, but have been an ongoing threat for a long time. With the ever-growing importance of free and open source software, software supply chain security is crucial, particularly in cloud native environments where everything is software-defined. - -## Meeting Information - -- **Weekly Meetings:** 8:00 AM Pacific Time (US and Canada) -- **Meeting Link:** See CNCF calendar for invite -- **Meeting Notes:** [Google Docs](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit#heading=h.xkkh09c7ni6) - -## Contact - -- **Lead:** Marina Moore, Michael Lieberman, John Kjell -- **Slack Channel:** [Link](https://cloud-native.slack.com/archives/C01KL0B4LKC) diff --git a/policy/PolicyFormalVerificationDiagram.png b/community/working-groups/archive/policy/PolicyFormalVerificationDiagram.png similarity index 100% rename from policy/PolicyFormalVerificationDiagram.png rename to community/working-groups/archive/policy/PolicyFormalVerificationDiagram.png diff --git a/policy/overview-formal-verification.png b/community/working-groups/archive/policy/overview-formal-verification.png similarity index 100% rename from policy/overview-formal-verification.png rename to community/working-groups/archive/policy/overview-formal-verification.png diff --git a/policy/overview-policy-build-time-dependency-vulns.md b/community/working-groups/archive/policy/overview-policy-build-time-dependency-vulns.md similarity index 100% rename from policy/overview-policy-build-time-dependency-vulns.md rename to community/working-groups/archive/policy/overview-policy-build-time-dependency-vulns.md 
diff --git a/policy/overview-policy-formal-verification.md b/community/working-groups/archive/policy/overview-policy-formal-verification.md similarity index 100% rename from policy/overview-policy-formal-verification.md rename to community/working-groups/archive/policy/overview-policy-formal-verification.md diff --git a/community/automated-governance/README.md b/community/working-groups/automated-governance/README.md similarity index 100% rename from community/automated-governance/README.md rename to community/working-groups/automated-governance/README.md diff --git a/community/compliance/README.md b/community/working-groups/compliance/README.md similarity index 100% rename from community/compliance/README.md rename to community/working-groups/compliance/README.md diff --git a/community/controls/README.md b/community/working-groups/controls/README.md similarity index 100% rename from community/controls/README.md rename to community/working-groups/controls/README.md diff --git a/cloud-native-controls/phase-one-announcement.md b/community/working-groups/controls/phase-one-announcement.md similarity index 100% rename from cloud-native-controls/phase-one-announcement.md rename to community/working-groups/controls/phase-one-announcement.md diff --git a/community/research/README.md b/community/working-groups/research/README.md similarity index 100% rename from community/research/README.md rename to community/working-groups/research/README.md diff --git a/community/working-groups/supply-chain-security/README.md b/community/working-groups/supply-chain-security/README.md new file mode 100644 index 000000000..f41ec69a7 --- /dev/null +++ b/community/working-groups/supply-chain-security/README.md 
@@ -0,0 +1,41 @@ +# Software Supply Chain Security + +Software Supply Chain attacks have come to the wider community's attention following a recent high-profile attack, but have been an ongoing threat for a long time. With the ever-growing importance of free and open source software, software supply chain security is crucial, particularly in cloud native environments where everything is software-defined. + +## What are supply chain vulnerabilities and their implications? + +The [Catalog of Supply Chain Compromises](../../catalog/compromises/) provides real-world +examples that help raise awareness and provide detailed information that +let's us understand attack vectors and consider how to mitigate potential +risk. + +## On mitigating vulnerabilities + +There is on-going work to establish best practices in this area. The list of +[types of supply chain compromises](../../catalog/compromises/compromise-definitions.md) +in the [catalog of supply chain compromises](../../catalog/compromises/) suggests some +mitigation techniques for the more well understood categories. + +## Supply chain security paper + +STAG (Security Technical Advisory Group) has put work into a comprehensive +software supply chain paper highlighting best practices for high and medium risk +environments. Please check out +[the paper](../supply-chain-security-paper/sscsp.md) +and corollary +[secure supply chain assessment document](../supply-chain-security-paper/secure-supply-chain-assessment.md) +to learn more. + +For information about contributing to the document or providing feedback, please +refer to the [README](../supply-chain-security-paper/README.md). 
+ +## Meeting Information + +- **Weekly Meetings:** 8:00 AM Pacific Time (US and Canada) +- **Meeting Link:** See CNCF calendar for invite +- **Meeting Notes:** [Google Docs](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit#heading=h.xkkh09c7ni6) + +## Contact + +- **Lead:** Marina Moore, Michael Lieberman, John Kjell +- **Slack Channel:** [Link](https://cloud-native.slack.com/archives/C01KL0B4LKC) diff --git a/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf b/community/working-groups/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf similarity index 100% rename from supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf rename to community/working-groups/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf diff --git a/supply-chain-security/secure-software-factory/images/image1.png b/community/working-groups/supply-chain-security/secure-software-factory/images/image1.png similarity index 100% rename from supply-chain-security/secure-software-factory/images/image1.png rename to community/working-groups/supply-chain-security/secure-software-factory/images/image1.png diff --git a/supply-chain-security/secure-software-factory/images/image2.png b/community/working-groups/supply-chain-security/secure-software-factory/images/image2.png similarity index 100% rename from supply-chain-security/secure-software-factory/images/image2.png rename to community/working-groups/supply-chain-security/secure-software-factory/images/image2.png diff --git a/supply-chain-security/secure-software-factory/images/image3.png b/community/working-groups/supply-chain-security/secure-software-factory/images/image3.png similarity index 100% rename from supply-chain-security/secure-software-factory/images/image3.png rename to community/working-groups/supply-chain-security/secure-software-factory/images/image3.png 
diff --git a/supply-chain-security/secure-software-factory/images/image4.png b/community/working-groups/supply-chain-security/secure-software-factory/images/image4.png similarity index 100% rename from supply-chain-security/secure-software-factory/images/image4.png rename to community/working-groups/supply-chain-security/secure-software-factory/images/image4.png diff --git a/supply-chain-security/secure-software-factory/images/image5.png b/community/working-groups/supply-chain-security/secure-software-factory/images/image5.png similarity index 100% rename from supply-chain-security/secure-software-factory/images/image5.png rename to community/working-groups/supply-chain-security/secure-software-factory/images/image5.png diff --git a/supply-chain-security/secure-software-factory/images/image6.png b/community/working-groups/supply-chain-security/secure-software-factory/images/image6.png similarity index 100% rename from supply-chain-security/secure-software-factory/images/image6.png rename to community/working-groups/supply-chain-security/secure-software-factory/images/image6.png diff --git a/supply-chain-security/secure-software-factory/images/image7.png b/community/working-groups/supply-chain-security/secure-software-factory/images/image7.png similarity index 100% rename from supply-chain-security/secure-software-factory/images/image7.png rename to community/working-groups/supply-chain-security/secure-software-factory/images/image7.png diff --git a/supply-chain-security/secure-software-factory/secure-software-factory.md b/community/working-groups/supply-chain-security/secure-software-factory/secure-software-factory.md similarity index 100% rename from supply-chain-security/secure-software-factory/secure-software-factory.md rename to community/working-groups/supply-chain-security/secure-software-factory/secure-software-factory.md 
diff --git a/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf b/community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf similarity index 100% rename from supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf rename to community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf diff --git a/supply-chain-security/supply-chain-security-paper/README.md b/community/working-groups/supply-chain-security/supply-chain-security-paper/README.md similarity index 100% rename from supply-chain-security/supply-chain-security-paper/README.md rename to community/working-groups/supply-chain-security/supply-chain-security-paper/README.md diff --git a/supply-chain-security/supply-chain-security-paper/fig1.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig1.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig1.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig1.png diff --git a/supply-chain-security/supply-chain-security-paper/fig2.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig2.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig2.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig2.png diff --git a/supply-chain-security/supply-chain-security-paper/fig3.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig3.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig3.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig3.png 
diff --git a/supply-chain-security/supply-chain-security-paper/fig4.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig4.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig4.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig4.png diff --git a/supply-chain-security/supply-chain-security-paper/fig5.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig5.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig5.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig5.png diff --git a/supply-chain-security/supply-chain-security-paper/fig6.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig6.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig6.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig6.png diff --git a/supply-chain-security/supply-chain-security-paper/fig7.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig7.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig7.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig7.png diff --git a/supply-chain-security/supply-chain-security-paper/fig8.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig8.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig8.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig8.png 
diff --git a/supply-chain-security/supply-chain-security-paper/fig9.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/fig9.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/fig9.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/fig9.png diff --git a/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md b/community/working-groups/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md similarity index 100% rename from supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md rename to community/working-groups/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig1.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig1.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig1.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig1.png diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig2.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig2.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig2.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig2.png diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig3.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig3.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig3.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig3.png 
diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig4.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig4.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig4.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig4.png diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig5.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig5.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig5.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig5.png diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig6.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig6.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig6.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig6.png diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig7.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig7.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig7.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig7.png diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig8.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig8.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig8.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig8.png 
diff --git a/supply-chain-security/supply-chain-security-paper/sscsp-images/fig9.png b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig9.png similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp-images/fig9.png rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp-images/fig9.png diff --git a/supply-chain-security/supply-chain-security-paper/sscsp.md b/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp.md similarity index 100% rename from supply-chain-security/supply-chain-security-paper/sscsp.md rename to community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp.md diff --git a/compliance/README.md b/compliance/README.md deleted file mode 100644 index 36db9a775..000000000 --- a/compliance/README.md +++ /dev/null 
@@ -1,68 +0,0 @@ -# CNCF Compliance Working Group - -## Charter - -Cloud Native systems represent a paradigm shift in both technical and human operations workflows. The community (and industry) has invested significant time researching and solving -approaches to Cloud native security concerns and topics: software vulnerabilities, risk management, software component dependencies and infrastructure as code (GitOps), supply chain -provenance, malicious attackers, threat models, and technical security assessments. At the same time, many commercial, non-profit foundations, community and government organizations -performing services or providing data storage must abide by national, regional, or local laws and regulations regarding user privacy and data, with assurance of protection of their compute -and data processing integrity and resilience. These cross cutting concerns span not only specific technical configuration of software and systems, but also require complex orchestration of -human administrative, operational, and design activities, especially when involving audit activities expecting concrete, reviewable independent audit artifacts. - -The motivation of the Compliance WG is cross-disciplinary and focused on bridging purely technical issues to broader legal and regulatory workflows: not only to strive for the prevention -of system breaches, but also considering supply chain, operators, data and AI failures while simultaneously considering auditability, non-repudiation, legally required forensic evidence, -etc. - across all the various activities required of cloud native operators of all sizes. The Compliance WG plans to curate vendor neutral tools for evidence collection, chain-of-custody -in audits, as well as automated workflows for continuous compliance authoring and assessment. 
- -The key areas of the Compliance WG include: - -- Building a knowledge base (in GitHub and possibly other tools) and case studies on the How, What, Why and When of operating a cloud native environment within the requirements of legal -and regulatory entities that govern clouds, specific industries, and more generally data and public/consumer usage. These requirements are often _not just_ technical security concerns. -Compliance activities and requirements span human activities and performance, system availability and reliability, the combined human and technical aspects of continuity of operations, -defining and monitoring data location as well as sovereignty and provenance of the regulated environment components and data - -- Generating specific examples of compliance as code, normalized templates, and tools for automating these both technical and non-technical requirements, control assessment, data analysis, -audit and compliance remediation workflows that specifically benefit CNCF projects and their community of users. - -- Reviewing industry and governmental standards - eg NIST, PCI, HIPAA, etc - from a cloud native perspective and serving as Subject Matter Experts in the CNCF community for how projects -should implement and support these compliance-specific requirements as first class citizen to enable broad adoption of the best practices by commercial, non-profit, governmental, and -humanitarian organizations. - -## Responsibilities - - - -- Users/personas/needs/customer demands for industry and regulatory compliance (both human and technical) -- Identifications of areas of focus e.g. human workflows, automated workflows, analytical tools, audit and assessment tools, technical security controls that cut across components and systems and clouds, etc -- Framework for evaluation, audit and reporting - how do products and tools demonstrate compliance? -- Training and automation - what is missing, what is difficult to understand, what knowledge gaps are there? 
-- Work on integrating common tooling across different projects, particularly where that tooling is a CNCF project (but the targets may not be) -- Cross project focus on the projects and efforts the CNCF is funding, helping projects identify needs and providing subject matter expertise to assist -- Recommendations of integrating security tooling with compliance tooling and processes - making both the synergies and unique separations of concern explicit and achieving community consensus. -- Growing CNCF external relationships with interested parties, e.g. NIST and other compliance standards bodies such as FINOS, OSCAL, OpenSSF - -## Stakeholders/Key people - Roles and responsibilities - - - -### WG co-chairs - -- Anca Sailer ([@ancatri](https://github.com/ancatri)) - -- Robert Ficcaglia ([@rficcaglia](https://github.com/rficcaglia)) - -### WG tech leads - -- Alejandro Leiva ([@AleJo2995](https://github.com/AleJo2995)) - -- Jennifer Power ([@jpower432](https://github.com/jpower432)) - -- Lou DeGenaro ([@degenaro](https://github.com/degenaro)) - -- Manjiree Gadgil ([@mrgadgil](https://github.com/mrgadgil)) - -- Vikas Agarwal ([@vikas-agarwal76](https://github.com/vikas-agarwal76)) - -- Yuji Watanabe ([@yuji-watanabe-jp](https://github.com/yuji-watanabe-jp)) - -- Takumi Yanagawa ([@yana1205](https://github.com/yana1205)) diff --git a/policy-wg-merging.md b/policy-wg-merging.md deleted file mode 100644 index 0f595fd0e..000000000 --- a/policy-wg-merging.md +++ /dev/null 
@@ -1,23 +0,0 @@ -The Policy WG merged with SAFE WG on Aug 10, 2018, and together submitted SAFE WG proposal to CNCF TOC - -This document illustrates the proposed CNCF Policy WG's key objects and deliverables, and the way to forge ahead with SAFE WG as a unified CNCF level WG to avoid unnecessary overlap and concentrate resources. - -CNCF Policy WG Proposal -======================= - -Overview: https://docs.google.com/document/d/1KSGODwPSzusENZ2vaX3sw81b7M39mgmESaYnwZi53dQ/edit?usp=sharing - -Key Deliverables -================ - -- Cloud Native Policy Architecture White Paper -- Container Policy Interface implementations -- Various feature requests to projects like kubernetes, opa, istio, spifee, and more. - -Way forward on merging with SAFE WG -=================================== - -1. Extend the original scope to include policy, such as security oriented policies (RBAC, network, Auth, ...) and resource oriented policies (resource manager, quota, scheduling, topology, ...) -2. Extend the interested parties to include Policy WG key participants. -3. Extend the deliverables to include Policy WG deliverables: a new scoped white paper on security and policy, cpi development/discussion, and upstream project feedback/feature request. -4. WG rename after official status to reflect the new scope and deliverables. diff --git a/roadmap.md b/roadmap.md deleted file mode 100644 index ba31fc888..000000000 --- a/roadmap.md +++ /dev/null @@ -1,92 +0,0 @@ -# Security TAG Roadmap - -* [Overview](#overview) -* [Details](#details) -* [Upcoming](#upcoming) - * [Ongoing efforts](#ongoing-efforts) -* [Completed](completed) - -## Overview -Note: TAG-Security was rebranded from SAFE working group. The below roadmap -includes SAFE WG and TAG-Security in its timeline. - -| | #2 Discover | #3 Describe | #4 Identify -| --- | --- | --- | --- | -| Artifacts | Personas
Use Cases
Categories
| Standards
Common Definitions
Block Architecture | Catalog Projects
Fill in Boxes
Identify Gaps -| Topics | Presentations
TAG members & guests
| Standards in Practice
Real World Systems Architecture | Platforms & Products
Tools & Libraries - -## Details - -1. **Charter** the SAFE Working Group. Draft vision, process and initial members - (done, see below) -2. **Discover** (Completed) - * Explore the problem space of the working group - * Investigating what is happening in the community today with respect to security for cloud native applications and infrastructure - * [Presentations](issues?utf8=%E2%9C%93&q=is%3Aclosed+is%3Aissue+label%3Ausecase-presentation+) from members & guests - * Describe [personas & use cases](usecase-personas/) - * Draft a picture or set of categories that will serve as a starting point for an evaluation framework - * Solicit real world use cases and practices (and compensating controls) for projects -3. **Describe** (in progress) - * Define the terminology used in the output documents, and in the community - * Describe the current state (map) of cloud native security, which might include: - * existing standards - * existing open source, and proprietary, solutions - * common patterns in use today for system that works for cloud native apps. For example: - * Extract end-to-end view of secure access, and - * Common layering or a block architecture -4. **Identify** existing security components in CNCF and projects in the CNCF landscape and catalog - * Identify gaps and make recommendations to the community and TOC - * Continually monitor the viability of the existing projects and update the landscape document - * Document and disseminate best practices (provide training?) - -## Upcoming - -TAG-Security strives to perform annual planning and quarterly reviews of our -roadmap plans. The Roadmap planning project board for each annum is a live -board and is continually updated. Boards may have cards added which indicate -early concepts or needs for discovery, prior to become proposals or projects. 
- -| Year | Board Link | -| --- | --- | -| 2021-2022 | [RoadMap Planning Board](https://github.com/cncf/tag-security/projects/4) | - -### Ongoing efforts - -TAG-Security maintains a few activities as regular business. Boards tracking -these items linked below. - -| Effort | Board Link | Description | -| --- | --- | -- | -| CNCF project security reviews | [Security Review Queue](https://github.com/cncf/tag-security/projects/2) | This board is used to manage upcoming and current security reviews and security review related activities. | -| TAG-Security Projects | [Project Tracking Board](https://github.com/cncf/tag-security/projects/1) | This board is used to manage upcoming proposals (backlog) and ongoing projects. | -| Issue Triage | [Triage Board](https://github.com/cncf/tag-security/projects/3) | This board is used to assist the Triage team in managing the queue of issues. | - - -## Completed - -| Milestone | Date | Action -| --- | --- | --- | -| First Community Translation | 27 Feb 2021 | [Chinese translation of Whitepaper](https://github.com/cncf/tag-security/pull/471) | -| Security Assessments => Reviews | 23 Feb 2021 | Retrospective resulted in [process updates](https://github.com/cncf/tag-security/pull/488) | -| APAC meetings start | 1 Feb 2021 | [Regular meeting time added to README](https://github.com/cncf/tag-security/pull/518) -| Expanded to 5 Tech Leads | 13 Jan 2021 | [TOC Approves](https://lists.cncf.io/g/cncf-toc/topic/79052801#5599) [@ashutosh-narkar](https://github.com/ashutosh-narkar), [@achetal01](https://github.com/achetal01), [@anvega](https://github.com/anvega) | -| Cloud Native Security Whitepaper v1 | 18 Nov 2020 | [Markdown source and images in repo](https://github.com/cncf/tag-security/pull/452) | -| First five security assessments | 21 Oct 2020 | [In-toto, OPA, SPIFFE/SPIRE, Harbor, Keycloak](https://github.com/cncf/tag-security/issues/167) | -| First chair rotation | 15 Sep 2020 | [TOC 
approves](https://lists.cncf.io/g/cncf-toc/topic/77001316#5303) [@TheFoxAtWork](https://github.com/TheFoxAtWork) with new [chair proposal process](https://github.com/cncf/tag-security/pull/419/files) -| DoD Kubernetes/Container Security controls proposed | 26 Jun 2020 | LF collaboration with US DoD [merged to DoD repo](https://repo1.dso.mil/dsawg-devsecops/kubernetes-srg/k8-srg-artifacts/-/tree/master/linuxfoundation) | -| First Tech Leads | 25 Feb 2020 | [TOC approves](https://lists.cncf.io/g/cncf-toc/topic/71341283#4198) [@lumjjb](https://github.com/lumjjb) [@TheFoxAtWork](https://github.com/TheFoxAtWork) [@JustinCappos](https://github.com/JustinCappos) | -| Security Assessment intake process | 7 Jan 2020 | [Intake process and prioritization](https://github.com/cncf/tag-security/pull/296) | -| First Cloud Native Security Day | 19 Nov 2019 | [Event](https://events19.linuxfoundation.org/events/cloud-native-security-day-2019/) organized by [@mfdii and @TheFoxAtWork](https://github.com/cncf/tag-security/issues/209) | -| Software supply chain catalog | 14 Nov 2019 | [Catalog](https://github.com/cncf/tag-security/pull/284) | -| Updated personas & use cases | 23 Sept 2019 | [Added platform implementer](https://github.com/cncf/tag-security/pull/246) -| Policy formal verification overview | 10 Sept 2019 | [Documentation](https://github.com/cncf/tag-security/pull/242) -| First Security Assessment | May 2019 | [In-toto](https://github.com/cncf/tag-security/pull/202) | -| Updated Charter and Governance ratified by CNCF TOC | 7 May 2019 | [New repo](https://github.com/cncf/tag-security/tree/main/governance) | -| First cut security audit guidelines | 2 May 2019 | [Guidelines](https://github.com/cncf/tag-security/pull/125) | -| Moved SAFE WG to CNCF | 15 Apr 2019 | [Repo rename](https://github.com/cncf/tag-security/pull/148) | -| CNCF WG proposal | 21 Aug 2018 | [CNCF TAG-Security charter and roles](https://github.com/cncf/toc/pull/146) | -| Policy WG merged | 10 Aug 2018 | 
[Merging policy WG](https://github.com/cncf/tag-security/blob/main/policy-wg-merging.md) | -| First KubeCon Presentations | 2-4 May 2018 | [Intro](https://kccnceu18.sched.com/event/ENw3/safe-wg-intro-jeyappragash-j-j-padmeio-ray-colline-google-any-skill-level) and [deep dive](https://kccnceu18.sched.com/event/ENw5/safe-wg-deep-dive-ray-colline-google-intermediate-skill-level) | -| Personas & use cases | 20 Apr 2018 | [Shared doc into repo markdown](https://github.com/cncf/tag-security/pull/16) -| Initial Commit for SAFE repo | 13 Mar 2018 | [First commit](https://github.com/cncf/tag-security/commit/fe999bd637456ade5e6cc8866d0db4107a0d9778) | -| Informal discussions at Kubecon Austin | Dec 2017 | Meeting with CNCF community and gathering feedback | diff --git a/safe_kubecon.md b/safe_kubecon.md deleted file mode 100644 index 8d09ae997..000000000 --- a/safe_kubecon.md +++ /dev/null 
@@ -1,15 +0,0 @@ -### SAFE Recap @ [Kubecon Europe 2018](https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2018/) - -SAFE had two sessions for introducing SAFE and getting feedback from the community. - -* [SAFE WG Intro](https://kccnceu18.sched.com/event/ENw3/safe-wg-intro-jeyappragash-j-j-padmeio-ray-colline-google-any-skill-level) -* [SAFE WG Deep Dive](https://kccnceu18.sched.com/event/ENw5/safe-wg-deep-dive-ray-colline-google-intermediate-skill-level) - -We had a small but relevant group and hallway conversations were equally engaging and informative. - -Excited to have [Liz Rice](https://github.com/lizrice) and [Justin Cormack](https://github.com/justincormack) join us. - -Across the board, everyone I had conversation with, there was a natural acknowledgement that security is an end-end problem and understanding secure access and providing a safe end-end system for enduser is critical. Highlighted at the [keynote by Alexis](https://twitter.com/MayaKaczorowski/status/991601395450171392?s=15). - -We are just getting started on this, incredibly excited to be part of this team and the effort! - diff --git a/supply-chain-security/README.md b/supply-chain-security/README.md deleted file mode 100644 index f0df0cc8b..000000000 --- a/supply-chain-security/README.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# Software Supply Chain - -Supply chain compromises are a powerful attack vector. In cloud native -deployments everything is software-defined, so there is increased risk when -there are vulnerabilities in this area. If an attacker controls the supply -chain, they can potentially reconfigure anything in an insecure way. - -## What are supply chain vulnerabilities and their implications? - -The [Catalog of Supply Chain Compromises](./compromises) provides real-world -examples that help raise awareness and provide detailed information that -let's us understand attack vectors and consider how to mitigate potential -risk. - -## On mitigating vulnerabilities - -There is on-going work to establish best practices in this area. The list of -[types of supply chain compromises](./compromises/compromise-definitions.md) -in the [catalog of supply chain compromises](./compromises) suggests some -mitigation techniques for the more well understood categories. - -## Supply chain security paper - -STAG (Security Technical Advisory Group) has put work into a comprehensive -software supply chain paper highlighting best practices for high and medium risk -environments. Please check out -[the paper](./supply-chain-security-paper/sscsp.md) -and corollary -[secure supply chain assessment document](./supply-chain-security-paper/secure-supply-chain-assessment.md) -to learn more. - -For information about contributing to the document or providing feedback, please -refer to the [README](./supply-chain-security-paper/README.md). From df48654f1a6311cfb7af01860ae164fd1aea6237 Mon Sep 17 00:00:00 2001 From: Andres Vega Date: Wed, 19 Jun 2024 21:13:46 -0700 Subject: [PATCH 02/14] Merged LICENSE files into a single `LICENSE.md`. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega 
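Review bot: compliance/README.md appears as `deleted file mode 100644`, not as a rename, although the commit message lists compliance among the directories moved to community/working-groups. The Charter, Responsibilities and the co-chair and tech-lead roster go away with it. Name the README they were merged into in the commit message, or keep this file as a rename with edits, so reviewers can confirm nothing from the charter was dropped.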
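Review bot: roadmap.md and policy-wg-merging.md are removed as "unused files", yet the roadmap's Completed table carries the group's dated milestone history (charter ratification, first security assessments, the SAFE WG move to CNCF), and its "Policy WG merged" row links to policy-wg-merging.md on main. Consider moving both under an archive location instead of deleting them, or state in the commit message where this history is kept, so inbound links to those two paths can be redirected rather than left dead.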
Signed-off-by: Andrés Vega --- LICENSE-code | 201 ---------------- LICENSE-document | 395 ------------------------------- LICENSE.md | 604 ++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 602 insertions(+), 598 deletions(-) delete mode 100644 LICENSE-code delete mode 100644 LICENSE-document diff --git a/LICENSE-code b/LICENSE-code deleted file mode 100644 index 261eeb9e9..000000000 --- a/LICENSE-code +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/LICENSE-document b/LICENSE-document deleted file mode 100644 index 2802779ed..000000000 --- a/LICENSE-document +++ /dev/null 
@@ -1,395 +0,0 @@ -Attribution 4.0 International - -======================================================================= - -Creative Commons Corporation ("Creative Commons") is not a law firm and -does not provide legal services or legal advice. Distribution of -Creative Commons public licenses does not create a lawyer-client or -other relationship. Creative Commons makes its licenses and related -information available on an "as-is" basis. Creative Commons gives no -warranties regarding its licenses, any material licensed under their -terms and conditions, or any related information. Creative Commons -disclaims all liability for damages resulting from their use to the -fullest extent possible. - -Using Creative Commons Public Licenses - -Creative Commons public licenses provide a standard set of terms and -conditions that creators and other rights holders may use to share -original works of authorship and other material subject to copyright -and certain other rights specified in the public license below. The -following considerations are for informational purposes only, are not -exhaustive, and do not form part of our licenses. - - Considerations for licensors: Our public licenses are - intended for use by those authorized to give the public - permission to use material in ways otherwise restricted by - copyright and certain other rights. Our licenses are - irrevocable. Licensors should read and understand the terms - and conditions of the license they choose before applying it. - Licensors should also secure all rights necessary before - applying our licenses so that the public can reuse the - material as expected. Licensors should clearly mark any - material not subject to the license. This includes other CC- - licensed material, or material used under an exception or - limitation to copyright. 
More considerations for licensors: - wiki.creativecommons.org/Considerations_for_licensors - - Considerations for the public: By using one of our public - licenses, a licensor grants the public permission to use the - licensed material under specified terms and conditions. If - the licensor's permission is not necessary for any reason--for - example, because of any applicable exception or limitation to - copyright--then that use is not regulated by the license. Our - licenses grant only permissions under copyright and certain - other rights that a licensor has authority to grant. Use of - the licensed material may still be restricted for other - reasons, including because others have copyright or other - rights in the material. A licensor may make special requests, - such as asking that all changes be marked or described. - Although not required by our licenses, you are encouraged to - respect those requests where reasonable. More_considerations - for the public: - wiki.creativecommons.org/Considerations_for_licensees - -======================================================================= - -Creative Commons Attribution 4.0 International Public License - -By exercising the Licensed Rights (defined below), You accept and agree -to be bound by the terms and conditions of this Creative Commons -Attribution 4.0 International Public License ("Public License"). To the -extent this Public License may be interpreted as a contract, You are -granted the Licensed Rights in consideration of Your acceptance of -these terms and conditions, and the Licensor grants You such rights in -consideration of benefits the Licensor receives from making the -Licensed Material available under these terms and conditions. - - -Section 1 -- Definitions. - - a. 
Adapted Material means material subject to Copyright and Similar - Rights that is derived from or based upon the Licensed Material - and in which the Licensed Material is translated, altered, - arranged, transformed, or otherwise modified in a manner requiring - permission under the Copyright and Similar Rights held by the - Licensor. For purposes of this Public License, where the Licensed - Material is a musical work, performance, or sound recording, - Adapted Material is always produced where the Licensed Material is - synched in timed relation with a moving image. - - b. Adapter's License means the license You apply to Your Copyright - and Similar Rights in Your contributions to Adapted Material in - accordance with the terms and conditions of this Public License. - - c. Copyright and Similar Rights means copyright and/or similar rights - closely related to copyright including, without limitation, - performance, broadcast, sound recording, and Sui Generis Database - Rights, without regard to how the rights are labeled or - categorized. For purposes of this Public License, the rights - specified in Section 2(b)(1)-(2) are not Copyright and Similar - Rights. - - d. Effective Technological Measures means those measures that, in the - absence of proper authority, may not be circumvented under laws - fulfilling obligations under Article 11 of the WIPO Copyright - Treaty adopted on December 20, 1996, and/or similar international - agreements. - - e. Exceptions and Limitations means fair use, fair dealing, and/or - any other exception or limitation to Copyright and Similar Rights - that applies to Your use of the Licensed Material. - - f. Licensed Material means the artistic or literary work, database, - or other material to which the Licensor applied this Public - License. - - g. 
Licensed Rights means the rights granted to You subject to the - terms and conditions of this Public License, which are limited to - all Copyright and Similar Rights that apply to Your use of the - Licensed Material and that the Licensor has authority to license. - - h. Licensor means the individual(s) or entity(ies) granting rights - under this Public License. - - i. Share means to provide material to the public by any means or - process that requires permission under the Licensed Rights, such - as reproduction, public display, public performance, distribution, - dissemination, communication, or importation, and to make material - available to the public including in ways that members of the - public may access the material from a place and at a time - individually chosen by them. - - j. Sui Generis Database Rights means rights other than copyright - resulting from Directive 96/9/EC of the European Parliament and of - the Council of 11 March 1996 on the legal protection of databases, - as amended and/or succeeded, as well as other essentially - equivalent rights anywhere in the world. - - k. You means the individual or entity exercising the Licensed Rights - under this Public License. Your has a corresponding meaning. - - -Section 2 -- Scope. - - a. License grant. - - 1. Subject to the terms and conditions of this Public License, - the Licensor hereby grants You a worldwide, royalty-free, - non-sublicensable, non-exclusive, irrevocable license to - exercise the Licensed Rights in the Licensed Material to: - - a. reproduce and Share the Licensed Material, in whole or - in part; and - - b. produce, reproduce, and Share Adapted Material. - - 2. Exceptions and Limitations. For the avoidance of doubt, where - Exceptions and Limitations apply to Your use, this Public - License does not apply, and You do not need to comply with - its terms and conditions. - - 3. Term. The term of this Public License is specified in Section - 6(a). - - 4. 
Media and formats; technical modifications allowed. The - Licensor authorizes You to exercise the Licensed Rights in - all media and formats whether now known or hereafter created, - and to make technical modifications necessary to do so. The - Licensor waives and/or agrees not to assert any right or - authority to forbid You from making technical modifications - necessary to exercise the Licensed Rights, including - technical modifications necessary to circumvent Effective - Technological Measures. For purposes of this Public License, - simply making modifications authorized by this Section 2(a) - (4) never produces Adapted Material. - - 5. Downstream recipients. - - a. Offer from the Licensor -- Licensed Material. Every - recipient of the Licensed Material automatically - receives an offer from the Licensor to exercise the - Licensed Rights under the terms and conditions of this - Public License. - - b. No downstream restrictions. You may not offer or impose - any additional or different terms or conditions on, or - apply any Effective Technological Measures to, the - Licensed Material if doing so restricts exercise of the - Licensed Rights by any recipient of the Licensed - Material. - - 6. No endorsement. Nothing in this Public License constitutes or - may be construed as permission to assert or imply that You - are, or that Your use of the Licensed Material is, connected - with, or sponsored, endorsed, or granted official status by, - the Licensor or others designated to receive attribution as - provided in Section 3(a)(1)(A)(i). - - b. Other rights. - - 1. Moral rights, such as the right of integrity, are not - licensed under this Public License, nor are publicity, - privacy, and/or other similar personality rights; however, to - the extent possible, the Licensor waives and/or agrees not to - assert any such rights held by the Licensor to the limited - extent necessary to allow You to exercise the Licensed - Rights, but not otherwise. - - 2. 
Patent and trademark rights are not licensed under this - Public License. - - 3. To the extent possible, the Licensor waives any right to - collect royalties from You for the exercise of the Licensed - Rights, whether directly or through a collecting society - under any voluntary or waivable statutory or compulsory - licensing scheme. In all other cases the Licensor expressly - reserves any right to collect such royalties. - - -Section 3 -- License Conditions. - -Your exercise of the Licensed Rights is expressly made subject to the -following conditions. - - a. Attribution. - - 1. If You Share the Licensed Material (including in modified - form), You must: - - a. retain the following if it is supplied by the Licensor - with the Licensed Material: - - i. identification of the creator(s) of the Licensed - Material and any others designated to receive - attribution, in any reasonable manner requested by - the Licensor (including by pseudonym if - designated); - - ii. a copyright notice; - - iii. a notice that refers to this Public License; - - iv. a notice that refers to the disclaimer of - warranties; - - v. a URI or hyperlink to the Licensed Material to the - extent reasonably practicable; - - b. indicate if You modified the Licensed Material and - retain an indication of any previous modifications; and - - c. indicate the Licensed Material is licensed under this - Public License, and include the text of, or the URI or - hyperlink to, this Public License. - - 2. You may satisfy the conditions in Section 3(a)(1) in any - reasonable manner based on the medium, means, and context in - which You Share the Licensed Material. For example, it may be - reasonable to satisfy the conditions by providing a URI or - hyperlink to a resource that includes the required - information. - - 3. If requested by the Licensor, You must remove any of the - information required by Section 3(a)(1)(A) to the extent - reasonably practicable. - - 4. 
If You Share Adapted Material You produce, the Adapter's - License You apply must not prevent recipients of the Adapted - Material from complying with this Public License. - - -Section 4 -- Sui Generis Database Rights. - -Where the Licensed Rights include Sui Generis Database Rights that -apply to Your use of the Licensed Material: - - a. for the avoidance of doubt, Section 2(a)(1) grants You the right - to extract, reuse, reproduce, and Share all or a substantial - portion of the contents of the database; - - b. if You include all or a substantial portion of the database - contents in a database in which You have Sui Generis Database - Rights, then the database in which You have Sui Generis Database - Rights (but not its individual contents) is Adapted Material; and - - c. You must comply with the conditions in Section 3(a) if You Share - all or a substantial portion of the contents of the database. - -For the avoidance of doubt, this Section 4 supplements and does not -replace Your obligations under this Public License where the Licensed -Rights include other Copyright and Similar Rights. - - -Section 5 -- Disclaimer of Warranties and Limitation of Liability. - - a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE - EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS - AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF - ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, - IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, - WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR - PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, - ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT - KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT - ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. - - b. 
TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE - TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, - NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, - INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, - COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR - USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR - DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR - IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. - - c. The disclaimer of warranties and limitation of liability provided - above shall be interpreted in a manner that, to the extent - possible, most closely approximates an absolute disclaimer and - waiver of all liability. - - -Section 6 -- Term and Termination. - - a. This Public License applies for the term of the Copyright and - Similar Rights licensed here. However, if You fail to comply with - this Public License, then Your rights under this Public License - terminate automatically. - - b. Where Your right to use the Licensed Material has terminated under - Section 6(a), it reinstates: - - 1. automatically as of the date the violation is cured, provided - it is cured within 30 days of Your discovery of the - violation; or - - 2. upon express reinstatement by the Licensor. - - For the avoidance of doubt, this Section 6(b) does not affect any - right the Licensor may have to seek remedies for Your violations - of this Public License. - - c. For the avoidance of doubt, the Licensor may also offer the - Licensed Material under separate terms or conditions or stop - distributing the Licensed Material at any time; however, doing so - will not terminate this Public License. - - d. Sections 1, 5, 6, 7, and 8 survive termination of this Public - License. - - -Section 7 -- Other Terms and Conditions. - - a. 
The Licensor shall not be bound by any additional or different - terms or conditions communicated by You unless expressly agreed. - - b. Any arrangements, understandings, or agreements regarding the - Licensed Material not stated herein are separate from and - independent of the terms and conditions of this Public License. - - -Section 8 -- Interpretation. - - a. For the avoidance of doubt, this Public License does not, and - shall not be interpreted to, reduce, limit, restrict, or impose - conditions on any use of the Licensed Material that could lawfully - be made without permission under this Public License. - - b. To the extent possible, if any provision of this Public License is - deemed unenforceable, it shall be automatically reformed to the - minimum extent necessary to make it enforceable. If the provision - cannot be reformed, it shall be severed from this Public License - without affecting the enforceability of the remaining terms and - conditions. - - c. No term or condition of this Public License will be waived and no - failure to comply consented to unless expressly agreed to by the - Licensor. - - d. Nothing in this Public License constitutes or may be interpreted - as a limitation upon, or waiver of, any privileges and immunities - that apply to the Licensor or You, including from the legal - processes of any jurisdiction or authority. - - -======================================================================= - -Creative Commons is not a party to its public -licenses. Notwithstanding, Creative Commons may elect to apply one of -its public licenses to material it publishes and in those instances -will be considered the "Licensor." The text of the Creative Commons -public licenses is dedicated to the public domain under the CC0 Public -Domain Dedication. 
Except for the limited purpose of indicating that -material is shared under a Creative Commons public license or as -otherwise permitted by the Creative Commons policies published at -creativecommons.org/policies, Creative Commons does not authorize the -use of the trademark "Creative Commons" or any other trademark or logo -of Creative Commons without its prior written consent including, -without limitation, in connection with any unauthorized modifications -to any of its public licenses or any other arrangements, -understandings, or agreements concerning use of licensed material. For -the avoidance of doubt, this paragraph does not form part of the -public licenses. - -Creative Commons may be contacted at creativecommons.org. \ No newline at end of file diff --git a/LICENSE.md b/LICENSE.md index 9ea106dc0..99e03dd69 100644 --- a/LICENSE.md +++ b/LICENSE.md 
@@ -1,2 +1,602 @@ -Code in this repository is licensed under [Apache License Version 2.0](LICENSE-code) (SPDX-License-Identifier: Apache-2.0). -Documentation in this repository is licensed under [Creative Common Attribution 4.0 International License](LICENSE-document) (SPDX-License-Identifier: CC-BY-4.0) \ No newline at end of file +# License + +## Source Code + +The source code in this repository is licensed under the MIT License. See below for the full license text. + +## Documentation + +The documentation in this repository is licensed under the Creative Commons Attribution 4.0 International License. See below for the full license text. + +### MIT License + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. 
+ + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." 
+ + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +### Creative Commons Attribution 4.0 International License + +Attribution 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. 
Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More_considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution 4.0 International Public License ("Public License"). 
To the +extent this Public License may be interpreted as a contract, You are +granted the Licensed Rights in consideration of Your acceptance of +these terms and conditions, and the Licensor grants You such rights in +consideration of benefits the Licensor receives from making the +Licensed Material available under these terms and conditions. + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + d. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + e. 
Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + f. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + g. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + h. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + i. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + j. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + k. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. 
+ + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. 
Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. 
You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + 4. If You Share Adapted Material You produce, the Adapter's + License You apply must not prevent recipients of the Adapted + Material from complying with this Public License. + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material; and + + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. 
THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. 
For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + +======================================================================= + +Creative Commons is not a party to its public +licenses. 
Notwithstanding, Creative Commons may elect to apply one of +its public licenses to material it publishes and in those instances +will be considered the "Licensor." The text of the Creative Commons +public licenses is dedicated to the public domain under the CC0 Public +Domain Dedication. Except for the limited purpose of indicating that +material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the +public licenses. + +Creative Commons may be contacted at creativecommons.org. From bb1ac8cecb1919b27fc1be54df1382feff47f520 Mon Sep 17 00:00:00 2001 From: Andres Vega Date: Wed, 19 Jun 2024 21:18:55 -0700 Subject: [PATCH 03/14] Deadlinks and asterisks in events folder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega --- community/events/cloud_native_security.md | 1 - community/events/past-events.md | 234 +++++++++++----------- 2 files changed, 117 insertions(+), 118 deletions(-) diff --git a/community/events/cloud_native_security.md b/community/events/cloud_native_security.md index c7f01a7d8..481e0c80c 100644 --- a/community/events/cloud_native_security.md +++ b/community/events/cloud_native_security.md 
@@ -23,7 +23,6 @@ project, architecture, and enhance team awareness on security. - Copenhagen, Denmark - May 2-4, 2018 -- [notes](safe_kubecon.md) [KubeCon + CloudNativeCon, Shanghai](https://events19.linuxfoundation.cn/events/kubecon-cloudnativecon-china-2018/) diff --git a/community/events/past-events.md b/community/events/past-events.md index 1b97756bd..79bf1848d 100644 --- a/community/events/past-events.md +++ b/community/events/past-events.md @@ -53,149 +53,149 @@ A list of past KubeCon/Cloud Native SecurityCon events an be found [here](cloud_
Click to view list -* [2019-09-25 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-09-18 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-09-11 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-09-04 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-08-28 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-08-21 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-08-14 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-08-07 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-07-31 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-07-24 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-07-17 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-07-10 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-07-03 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-06-26 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-06-19 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-06-12 CNCF TAG-Security 
Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-06-05 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-05-29 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* 2019-05-22 CNCF TAG-Security Meeting - No Meeting due to KubeCon Europe -* [2019-05-15 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-09-25 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-09-18 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-09-11 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-09-04 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-08-28 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-08-21 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-08-14 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-08-07 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-07-31 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-07-24 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-07-17 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-07-10 CNCF TAG-Security 
Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-07-03 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-06-26 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-06-19 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-06-12 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-06-05 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-05-29 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- 2019-05-22 CNCF TAG-Security Meeting - No Meeting due to KubeCon Europe +- [2019-05-15 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) \- OPA with SAFE Presentation Framework -* [2019-05-08 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) -* [2019-04-12 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-04-11 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-05-08 CNCF TAG-Security Meeting](https://docs.google.com/document/d/170y5biX9k95hYRwprITprG6Mc9xD5glVn-4mB2Jmi2g/edit) +- [2019-04-12 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-04-11 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-04-05 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-04-05 SAFE 
Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Google Open Source Project Onboarding -* [2019-04-04 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-04-04 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-03-29 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-29 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Revised presentation framework with in-toto (OPA, Kamus, TOC invited) -* [2019-03-28 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-28 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-03-22 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-03-22 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-22 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-22 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- SAFE Whitepaper Working Session -* [2019-03-15 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-03-08 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-03-07 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-15 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-08 SAFE 
Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-07 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-03-08 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-03-07 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-08 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-07 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-03-01 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-02-28 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-03-01 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-02-28 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-02-22 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-02-21 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-02-22 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-02-21 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-02-15 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-02-08 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-02-01 SAFE 
Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-01-31 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-02-15 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-02-08 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-02-01 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-01-31 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-01-25 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-01-24 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-01-25 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-01-24 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-01-18 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-01-17 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-01-18 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-01-17 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session -* [2019-01-11 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2019-01-10 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- [2019-01-11 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) +- 
[2019-01-10 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session - :star: [new meeting notes doc](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) -* [2018-12-21 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-12-13 SAFE WG BOF Deep Dive @ KubeCon + CloudNativeCon North America 2018](https://kccna18.sched.com/event/GrdR/deep-dive-safe-bof-jeyappragash-jeyakeerthi-padmeio-dan-shaw-danshaw-llc) -* 2018-12-11 SAFE WG Dinner @ KubeCon + CloudNativeCon North America 2018 -* [2018-12-11 SAFE WG BOF Intro @ KubeCon + CloudNativeCon North America +- [2018-12-21 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-12-13 SAFE WG BOF Deep Dive @ KubeCon + CloudNativeCon North America 2018](https://kccna18.sched.com/event/GrdR/deep-dive-safe-bof-jeyappragash-jeyakeerthi-padmeio-dan-shaw-danshaw-llc) +- 2018-12-11 SAFE WG Dinner @ KubeCon + CloudNativeCon North America 2018 +- [2018-12-11 SAFE WG BOF Intro @ KubeCon + CloudNativeCon North America 2018](https://kccna18.sched.com/event/GrbV/intro-safe-bof-jeyappragash-jeyakeerthi-padmeio-dan-shaw-danshaw-llc) -* [2018-12-14 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-12-07 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-11-30 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-11-29 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-12-14 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-12-07 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-11-30 SAFE 
Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-11-29 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) \- Working Session -* 2018-11-23 - no meeting -* 2018-11-22 - no meeting :turkey: -* [2018-11-16 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-11-15 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- 2018-11-23 - no meeting +- 2018-11-22 - no meeting :turkey: +- [2018-11-16 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-11-15 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) \- Working Session -* 2018-11-14 - KubeCon Shanghai 2018 Intro Session: +- 2018-11-14 - KubeCon Shanghai 2018 Intro Session: [Intro: SAFE (A Cloud Native Security Working Group)](https://kccncchina2018english.sched.com/event/FuLG) -* 2018-11-09 - no meeting: [SPIFFE Community Day](https://docs.google.com/document/d/1Gt91uPgemRuW56P3qnuQfs0VoWn_2n0D8N-LxpnUu5c/edit) -* [2018-11-08 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -\- Working Session -* [2018-10-26 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-10-25 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -\- Working Session -* [2018-10-19 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-10-12 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-10-05 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-10-04 SAFE 
Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -\- Working Session -* [2018-09-28 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-09-21 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-09-20 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -\- Working Session -* [2018-09-14 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-09-07 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-09-06 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -\- Working Session -* [2018-08-31 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-08-31 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-08-30 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-08-24 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* 2018-08-21 SAFE WG proposal to the CNCF TOC -* [2018-08-17 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-08-16 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -\- Working Session -* [2018-08-10 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-08-09 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -\- Working Session -* [2018-08-03 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -* [2018-08-02 SAFE 
Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -\- Working Session -* [2018-07-27 SAFE Meeting](https://docs.google.com/document/d/1DqqeTguBpalPj-y4nqY0uo8vYn_tU6DJzmbIdoyslhw/edit) -* [2018-07-13 SAFE Meeting](https://docs.google.com/document/d/1sniqXFFcP4vpX2bO6NeB31mzO1YOJrcQy2ryXATSHmk/edit) -* [2018-06-29 SAFE Meeting](https://docs.google.com/document/d/1fyBDIm82xtTYWhZu3gyLahltMdTOxl9aWfOfRxYHapo/edit) -* [2018-06-15 SAFE Meeting](https://docs.google.com/document/d/1usB6Xw1GVjW--RkRw1RPypwvUP_E8trtzg9JTO1ZAkM/edit) -* [2018-06-08 SAFE Meeting](https://docs.google.com/document/d/10iJ3wA7uVI6JMyvIv9qXdxdLCyQeS-djYsTqL_JG3d0/edit) -* 2018-06-01 - no meeting -* [2018-05-25 SAFE Meeting](https://docs.google.com/document/d/1LEXzz1PUaboqyIBg-1QBj-R0T1z6950fsetkBEW7b8g/edit) -* [2018-05-18 SAFE Meeting](https://docs.google.com/document/d/1xzJ29fTOJSioqrDuSkvBfsewV2lvgbr8olmDWb4kdPk/edit) -* [2018-05-11 SAFE Meeting](https://docs.google.com/document/d/1U5SKjp4vvN_I1CEw-O0mf7yhjhLzpRnTsaCxQS3CdIQ/edit) -* KubeCon Europe 2018 Deep-dive Session -* KubeCon Europe 2018 Intro Session -* [2018-04-27 SAFE Meeting](https://docs.google.com/document/d/1mtdBg6-8eGgBCfIFT56dDe_LVRCw5_tSeIAsRH_8KfM/edit) -* [2018-04-20 SAFE Meeting](https://docs.google.com/document/d/1B7G0_V1i8DTX-JIzMquUzFJgJBzZN-NWkJDCi62LOh4/edit) +- 2018-11-09 - no meeting: [SPIFFE Community Day](https://docs.google.com/document/d/1Gt91uPgemRuW56P3qnuQfs0VoWn_2n0D8N-LxpnUu5c/edit) +- [2018-11-08 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +\- Working Session +- [2018-10-26 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-10-25 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +\- Working Session +- [2018-10-19 SAFE 
Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-10-12 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-10-05 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-10-04 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +\- Working Session +- [2018-09-28 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-09-21 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-09-20 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +\- Working Session +- [2018-09-14 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-09-07 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-09-06 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +\- Working Session +- [2018-08-31 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-08-31 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-08-30 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-08-24 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- 2018-08-21 SAFE WG proposal to the CNCF TOC +- [2018-08-17 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-08-16 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +\- Working Session +- [2018-08-10 SAFE 
Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-08-09 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +\- Working Session +- [2018-08-03 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +- [2018-08-02 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) +\- Working Session +- [2018-07-27 SAFE Meeting](https://docs.google.com/document/d/1DqqeTguBpalPj-y4nqY0uo8vYn_tU6DJzmbIdoyslhw/edit) +- [2018-07-13 SAFE Meeting](https://docs.google.com/document/d/1sniqXFFcP4vpX2bO6NeB31mzO1YOJrcQy2ryXATSHmk/edit) +- [2018-06-29 SAFE Meeting](https://docs.google.com/document/d/1fyBDIm82xtTYWhZu3gyLahltMdTOxl9aWfOfRxYHapo/edit) +- [2018-06-15 SAFE Meeting](https://docs.google.com/document/d/1usB6Xw1GVjW--RkRw1RPypwvUP_E8trtzg9JTO1ZAkM/edit) +- [2018-06-08 SAFE Meeting](https://docs.google.com/document/d/10iJ3wA7uVI6JMyvIv9qXdxdLCyQeS-djYsTqL_JG3d0/edit) +- 2018-06-01 - no meeting +- [2018-05-25 SAFE Meeting](https://docs.google.com/document/d/1LEXzz1PUaboqyIBg-1QBj-R0T1z6950fsetkBEW7b8g/edit) +- [2018-05-18 SAFE Meeting](https://docs.google.com/document/d/1xzJ29fTOJSioqrDuSkvBfsewV2lvgbr8olmDWb4kdPk/edit) +- [2018-05-11 SAFE Meeting](https://docs.google.com/document/d/1U5SKjp4vvN_I1CEw-O0mf7yhjhLzpRnTsaCxQS3CdIQ/edit) +- KubeCon Europe 2018 Deep-dive Session +- KubeCon Europe 2018 Intro Session +- [2018-04-27 SAFE Meeting](https://docs.google.com/document/d/1mtdBg6-8eGgBCfIFT56dDe_LVRCw5_tSeIAsRH_8KfM/edit) +- [2018-04-20 SAFE Meeting](https://docs.google.com/document/d/1B7G0_V1i8DTX-JIzMquUzFJgJBzZN-NWkJDCi62LOh4/edit) \- CNCF TOC Proposal follow-up -* [2018-04-13 SAFE Meeting](https://docs.google.com/document/d/1SVPJzQrEpBixugI1Kjww90RxhaOovdNhWtWb3LsSjYU/edit) +- [2018-04-13 SAFE Meeting](https://docs.google.com/document/d/1SVPJzQrEpBixugI1Kjww90RxhaOovdNhWtWb3LsSjYU/edit) \- 
Prep for the SAFE WG proposal presentation to the CNCF TOC on 4/17 -* [2018-04-06 SAFE Meeting](https://docs.google.com/document/d/1a_a0dUTdSERgHiAnbUL0r2PNvbTe0SWHmYh7yFhTiFk/edit) +- [2018-04-06 SAFE Meeting](https://docs.google.com/document/d/1a_a0dUTdSERgHiAnbUL0r2PNvbTe0SWHmYh7yFhTiFk/edit) \- SAFE Personas WhitePaper -* [2018-03-30 SAFE Meeting](https://docs.google.com/document/d/1KwqAlBpb8TAex4_ABFmxpPZq9-MPvK3kraLUW9ws1EE/edit) -* [2018-03-23 SAFE Meeting](https://docs.google.com/document/d/1H3VOI9-GqRAj_tdPL9sECF1c8t4x_sF1G08PqLzlUWM/edit) +- [2018-03-30 SAFE Meeting](https://docs.google.com/document/d/1KwqAlBpb8TAex4_ABFmxpPZq9-MPvK3kraLUW9ws1EE/edit) +- [2018-03-23 SAFE Meeting](https://docs.google.com/document/d/1H3VOI9-GqRAj_tdPL9sECF1c8t4x_sF1G08PqLzlUWM/edit) \- NIST Big Data public working group - security and privacy subgroup with Mark Underwood -* [2018-03-16 SAFE Meeting](https://docs.google.com/document/d/1nYN3cy7jrKQbEziT43447w8ZValOuioxEKYE0D4vkPU/edit) -* 2018-03-09 - no meeting -* [2018-03-02 SAFE Meeting](https://docs.google.com/document/d/1vZfDHLh2jy0uH_U_qLpbp64Xy64gu0SrgVLJov4kuMw/edit) +- [2018-03-16 SAFE Meeting](https://docs.google.com/document/d/1nYN3cy7jrKQbEziT43447w8ZValOuioxEKYE0D4vkPU/edit) +- 2018-03-09 - no meeting +- [2018-03-02 SAFE Meeting](https://docs.google.com/document/d/1vZfDHLh2jy0uH_U_qLpbp64Xy64gu0SrgVLJov4kuMw/edit) \- GCP Administrators Bill of Rights with @raycolline -* [2018-02-23 SAFE Meeting](https://docs.google.com/document/d/1U4x1wynL-JlojF1Qidus97t8bJve3XJWTpc07hHCAxU/edit) +- [2018-02-23 SAFE Meeting](https://docs.google.com/document/d/1U4x1wynL-JlojF1Qidus97t8bJve3XJWTpc07hHCAxU/edit) \- Open Policy Agent (OPA) Use Case with [@tsandall](https://github.com/tsandall) and [@timothyhinrichs](https://github.com/timothyhinrichs) -* [2018-02-16 SAFE Meeting](https://docs.google.com/document/d/1aAldFgdU6EhtmQWCFMefFMaevKumDe08wMlfoCt9mFw/edit) +- [2018-02-16 SAFE 
Meeting](https://docs.google.com/document/d/1aAldFgdU6EhtmQWCFMefFMaevKumDe08wMlfoCt9mFw/edit) \- Cloud Foundry Use Case with [@sreetummidi](https://github.com/sreetummidi) -* [2018-02-07 SAFE Meeting](https://docs.google.com/document/d/1Z30hfVquiRz9dIjek0Tcg540LuX3D4TPhJ3UWpDMltU/edit) +- [2018-02-07 SAFE Meeting](https://docs.google.com/document/d/1Z30hfVquiRz9dIjek0Tcg540LuX3D4TPhJ3UWpDMltU/edit)
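Review bot: the `2018-08-31 SAFE Meeting` entry appears twice in the rewritten meeting list; both `+-` lines carry the same date and the same document link. The duplicate was already there in the `*` bullets being replaced. Since every bullet in this list is being rewritten anyway, drop one of the two, or correct the date if the second line was meant to record a different meeting.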
From 13dbe85aeafe046660d53fd62771af498ac6517b Mon Sep 17 00:00:00 2001 From: Andres Vega Date: Wed, 19 Jun 2024 21:25:03 -0700 Subject: [PATCH 04/14] Fix deadlinks in past events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega --- community/events/past-events.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/community/events/past-events.md b/community/events/past-events.md index 79bf1848d..a7a4b574c 100644 --- a/community/events/past-events.md +++ b/community/events/past-events.md @@ -117,7 +117,7 @@ A list of past KubeCon/Cloud Native SecurityCon events an be found [here](cloud_ - [2019-01-10 SAFE Meeting](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) \- Working Session - :star: [new meeting notes doc](https://docs.google.com/document/d/1WLnEErqODywjkQVTAESpwK8pgIbxsNDp6SqOtw3kjlk/edit) - [2018-12-21 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) -- [2018-12-13 SAFE WG BOF Deep Dive @ KubeCon + CloudNativeCon North America 2018](https://kccna18.sched.com/event/GrdR/deep-dive-safe-bof-jeyappragash-jeyakeerthi-padmeio-dan-shaw-danshaw-llc) +- [2018-12-13 SAFE WG BOF Deep Dive @ KubeCon + CloudNativeCon North America 2018](https://www.youtube.com/watch?v=VSoPHK6BVMU) - 2018-12-11 SAFE WG Dinner @ KubeCon + CloudNativeCon North America 2018 - [2018-12-11 SAFE WG BOF Intro @ KubeCon + CloudNativeCon North America 2018](https://kccna18.sched.com/event/GrbV/intro-safe-bof-jeyappragash-jeyakeerthi-padmeio-dan-shaw-danshaw-llc) 
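Review bot: the trailing context of the `@@ -117,7 +117,7 @@` hunk shows the `2018-12-11 SAFE WG BOF Intro` entry still pointing at `kccna18.sched.com/event/GrbV/...`, the same host as the Deep Dive link this hunk replaces. Check that URL too and, if it no longer resolves, swap it in this commit so the dead-link fix covers both KubeCon NA 2018 entries. The hunk header context also shows a typo in the file's intro sentence (`events an be found`, should be `can be found`) that could be fixed in passing.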
@@ -132,7 +132,7 @@ A list of past KubeCon/Cloud Native SecurityCon events an be found [here](cloud_ - [2018-11-15 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) \- Working Session - 2018-11-14 - KubeCon Shanghai 2018 Intro Session: -[Intro: SAFE (A Cloud Native Security Working Group)](https://kccncchina2018english.sched.com/event/FuLG) +[Intro: SAFE (A Cloud Native Security Working Group)](https://www.youtube.com/watch?v=Rdtp6fc9eR0) - 2018-11-09 - no meeting: [SPIFFE Community Day](https://docs.google.com/document/d/1Gt91uPgemRuW56P3qnuQfs0VoWn_2n0D8N-LxpnUu5c/edit) - [2018-11-08 SAFE Meeting](https://docs.google.com/document/d/1JsEv4vk_61UaF9SaHBRzzPGja-bNsHeLqxa53RPVfos/edit) \- Working Session From 90fb63d8bc65ce587df9bc7b1db3d8d516dd5b03 Mon Sep 17 00:00:00 2001 From: Andres Vega Date: Wed, 19 Jun 2024 21:31:07 -0700 Subject: [PATCH 05/14] Update README.md with new links to community subdirectory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega --- README.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 21cde8001..aed186ab0 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Security Technical Advisory Group -![Cloud Native Security Logo](/design/logo/cloud-native-security-horizontal-darkmodesafe.svg) +![Cloud Native Security Logo](/community/resources/design/logo/cloud-native-security-horizontal-darkmodesafe.svg) ## Quick links 
@@ -25,7 +25,7 @@ We aim to significantly reduce the probability and impact of attacks, breaches, ## Publications -Below is a list of publications by TAG Security. For a comprehensive collection of our works in various formats, please visit the [publications](publications/README.md) directory. +Below is a list of publications by TAG Security. For a comprehensive collection of our works in various formats, please visit the [publications](community/publications/README.md) directory. | Publication | Date | |-------------|------| @@ -64,14 +64,13 @@ To add a topic to the agenda, review our [process](governance/process.md#getting ## Gatherings - [Cloud Native SecurityCon 24](https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/) June 26-27, 2024 in Seattle, Washington -- [Past events](past-events.md) +- [Past events](community/events/past-events.md) ## New members If you are new to the group, we encourage you to check out our [contributing guidelines](CONTRIBUTING.md). - ## Related groups Explore groups affiliated with or relevant to Security TAG [here](governance/related-groups/README.md) 
@@ -119,13 +118,13 @@ Each group, led by a responsible leader, reaches consensus on issues and manages | Project | Leads | |---------------------------------|---------------------------------------------| -| [Research](/community/research/README.md) | Andrés Vega | -| [Automated Governance](/community/automated-governance/README.md) | Andrés Vega, Brandt Keller | +| [Research](/community/working-groups/research/README.md) | Andrés Vega | +| [Automated Governance](/community/working-groups/automated-governance/README.md) | Andrés Vega, Brandt Keller | | [Catalog of Supply Chain Compromises](/community/catalog/README.md) | Santiago Arias Torres | -| [Compliance](/community/compliance/README.md) | Anca Sailer, Robert Ficcaglia | -| [Controls](/community/controls/README.md) | Jon Zeolla | +| [Compliance](/community/working-groups/compliance/README.) | Anca Sailer, Robert Ficcaglia | +| [Controls](/community/working-groups/controls/README.md) | Jon Zeolla | | [Security Reviews](/assessments/README.md) | Justin Cappos, Eddie Knight| -| [Software Supply Chain](/community/supply-chain-security/README.md) | Marina Moore, Michael Liebermann, John Kjell | +| [Software Supply Chain](/community/working-groups/supply-chain-security/README.md) | Marina Moore, Michael Liebermann, John Kjell | ## Additional information From 8a2d1a796cb294dd398642184281961e913beb67 Mon Sep 17 00:00:00 2001 From: Andres Vega Date: Wed, 19 Jun 2024 21:39:53 -0700 Subject: [PATCH 06/14] Update links to publications to new relative paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index aed186ab0..f941f7d9d 100644 --- a/README.md +++ b/README.md 
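Review bot: in the `@@ -119,13 +118,13 @@` hunk of README.md (PATCH 05/14), the new Compliance row links to `/community/working-groups/compliance/README.` with the `md` extension missing, so the link is broken as committed. PATCH 08/14 later corrects it to `README.md`; squash that one-line fix into this commit so that no revision in the series carries a dead link in the projects table.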
@@ -29,17 +29,17 @@ Below is a list of publications by TAG Security. For a comprehensive collection | Publication | Date | |-------------|------| -| [Formal Verification for Policy Configurations](https://github.com/cncf/tag-security/blob/main/policy/overview-policy-formal-verification.md) | August, 2019 | -| [Catalog of Supply Chain Compromises](https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises) | November 2019 - Present | -| [Software Supply Chain Best Practices](https://github.com/cncf/tag-security/raw/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf) | May, 2021 | -| [Evaluating your Supply Chain Security](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md) | May, 2021 | -| [Cloud Native Security Lexicon](https://github.com/cncf/tag-security/blob/main/security-lexicon/cloud-native-security-lexicon.md) | August, 2021 | -| [Cloud Native Security Whitepaper](https://www.cncf.io/wp-content/uploads/2022/06/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf) | May, 2022 | -| [Cloud Native Security Controls Catalog](https://github.com/cncf/tag-security/blob/main/cloud-native-controls/phase-one-announcement.md) | May, 2022 | -| [Handling Build-time Dependency Vulnerabilities](https://github.com/cncf/tag-security/blob/main/policy/overview-policy-build-time-dependency-vulns.md) | June, 2022 | -| [Secure Software Factory: A Reference Architecture to Securing the Software Supply Chain](https://github.com/cncf/tag-security/raw/main/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf) | May, 2022 | -| [Secure Defaults](https://github.com/cncf/tag-security/blob/main/security-whitepaper/secure-defaults-cloud-native-8.md) | February, 2022 | -| [Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source 
Security](https://github.com/cncf/tag-security/blob/main/assessments/Open_and_Secure.pdf) | November, 2023 | +| [Formal Verification for Policy Configurations](community/working-groups/archive/policy/overview-policy-formal-verification.md) | August, 2019 | +| [Catalog of Supply Chain Compromises](community/catalog/compromises) | November 2019 - Present | +| [Software Supply Chain Best Practices](community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf) | May, 2021 | +| [Evaluating your Supply Chain Security](community/working-groups/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md) | May, 2021 | +| [Cloud Native Security Lexicon](community/resources/security-lexicon/cloud-native-security-lexicon.md) | August, 2021 | +| [Cloud Native Security Whitepaper](community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf) | May, 2022 | +| [Cloud Native Security Controls Catalog](community/working-groups/controls/phase-one-announcement.md) | May, 2022 | +| [Handling Build-time Dependency Vulnerabilities](community/working-groups/archive/policy/overview-policy-build-time-dependency-vulns.md) | June, 2022 | +| [Secure Software Factory: A Reference Architecture to Securing the Software Supply Chain](community/working-groups/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf) | May, 2022 | +| [Secure Defaults](community/resources/security-whitepaper/secure-defaults-cloud-native-8.md) | February, 2022 | +| [Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security](assessments/Open_and_Secure.pdf) | November, 2023 | ## Governance From e3ea48d938752da24f39c1f81bfd17ca6b13cb92 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Andr=C3=A9s=20Vega?= Date: Wed, 19 Jun 2024 21:53:54 -0700 Subject: [PATCH 07/14] Update links to new relative paths under project resources MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega --- community/resources/project-resources/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/community/resources/project-resources/README.md b/community/resources/project-resources/README.md index 181fd7ac3..1541f996f 100644 --- a/community/resources/project-resources/README.md +++ b/community/resources/project-resources/README.md @@ -3,7 +3,7 @@ This directory is intended to provide CNCF and other open source projects with resources and templates to assist in kick-starting their security practices. The templates, guides, and other documents herein assist projects in completion -of the [self-assessment](../assessments/guide/self-assessment.md) as well as a few +of the [self-assessment](/assessments/guide/self-assessment.md) as well as a few items in the [CII badging](https://bestpractices.coreinfrastructure.org/en) process. @@ -77,7 +77,7 @@ and discussions as guidance when determining the content of their updates. It is highly recommended that you seek peer review for your updates beyond that of the Technical Leads and Chairs. More information on contributions to this -repo may be found in the [contributing file](../CONTRIBUTING.md). +repo may be found in the [contributing file](/CONTRIBUTING.md). #### New templates & updating contribute.cncf.io From d9c79feba6ffc09ee1f01556d194da94f4d23e04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Vega?= Date: Wed, 19 Jun 2024 22:34:56 -0700 Subject: [PATCH 08/14] Handful of deadlinks in compromises folder and one readme typo on relpath MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Andrés Vega --- README.md | 2 +- community/catalog/README.md | 2 +- community/catalog/compromises/2019/monero.md | 2 +- community/catalog/compromises/2020/thegreatsuspender.md | 4 +++- .../catalog/compromises/2022/auth0-source-code-leak.md | 2 +- community/catalog/compromises/2022/ctx-and-phpass.md | 2 ++ community/catalog/compromises/README.md | 4 ++-- community/resources/landscape/README.md | 6 +++--- .../resources/security-fuzzing-handbook/fuzzing-handbook.md | 2 +- community/working-groups/supply-chain-security/README.md | 6 +++--- 10 files changed, 18 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index f941f7d9d..a8d4394e9 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ Each group, led by a responsible leader, reaches consensus on issues and manages | [Research](/community/working-groups/research/README.md) | Andrés Vega | | [Automated Governance](/community/working-groups/automated-governance/README.md) | Andrés Vega, Brandt Keller | | [Catalog of Supply Chain Compromises](/community/catalog/README.md) | Santiago Arias Torres | -| [Compliance](/community/working-groups/compliance/README.) | Anca Sailer, Robert Ficcaglia | +| [Compliance](/community/working-groups/compliance/README.md) | Anca Sailer, Robert Ficcaglia | | [Controls](/community/working-groups/controls/README.md) | Jon Zeolla | | [Security Reviews](/assessments/README.md) | Justin Cappos, Eddie Knight| | [Software Supply Chain](/community/working-groups/supply-chain-security/README.md) | Marina Moore, Michael Liebermann, John Kjell | diff --git a/community/catalog/README.md b/community/catalog/README.md index 0b4f3298b..87db212d1 100644 --- a/community/catalog/README.md +++ b/community/catalog/README.md 
@@ -2,7 +2,7 @@ The Catalog of Supply Chain Compromises provides real-world examples that help raise awareness and provide detailed information that lets us understand attack vectors and consider how to mitigate potential risk. -For information on how to contribute, check the [catalog](/supply-chain-security/compromises) directly. +For information on how to contribute, check the [catalog](./compromises/) directly. ## Contact diff --git a/community/catalog/compromises/2019/monero.md b/community/catalog/compromises/2019/monero.md index 4e7ae73b4..63b408581 100644 --- a/community/catalog/compromises/2019/monero.md +++ b/community/catalog/compromises/2019/monero.md @@ -19,4 +19,4 @@ This incident fits the [Publishing Infrastructure](../compromise-definitions.md# - [Warning: The binaries of the CLI wallet were compromised for a short time](https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html) - [Wrong hashes (from getmonero.org)](https://github.com/monero-project/monero/issues/6151) -- [Security Warning: CLI binaries available on getmonero.org may have been compromised at some point during the last 24h.](https://old.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/) \ No newline at end of file +- [Security Warning: CLI binaries available on getmonero.org may have been compromised at some point during the last 24h.](https://www.reddit.com/r/Monero/comments/dyfozs/security_warning_cli_binaries_available_on/) \ No newline at end of file diff --git a/community/catalog/compromises/2020/thegreatsuspender.md b/community/catalog/compromises/2020/thegreatsuspender.md index 67a44b240..0cf51a7a3 100644 --- a/community/catalog/compromises/2020/thegreatsuspender.md +++ b/community/catalog/compromises/2020/thegreatsuspender.md 
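Review bot: the monero.md hunk (`@@ -19,4 +19,4 @@`) rewrites the last line of the file but the added line is still followed by `\ No newline at end of file`. Terminate the file with a newline while this line is being changed, so later edits to the references list do not show up as a two-line diff and Markdown linters stop flagging the file.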
@@ -20,10 +20,12 @@ diverged from its Github source. A minor change in the manifest was now being shipped on the chrome web store, which was not included in Github. This is a major concern. + As a final red flag, no part of the web-store posting has been updated to account for this. [@greatsuspender](https://github.com/greatsuspender) remains listed as -the maintainer, and the privacy policy makes no mention of the new tracking or +the maintainer, and a privacy policy makes no mention of the new tracking or maintainer [greatsuspender privacy policy](https://greatsuspender.github.io/privacy). + On November 6th, [@lucasdf](https://github.com/lucasdf) discovered a smoking gun that the new maintainer is malicious. Although OpenWebAnalytics is legitimate diff --git a/community/catalog/compromises/2022/auth0-source-code-leak.md b/community/catalog/compromises/2022/auth0-source-code-leak.md index 166f042e5..a4b69faf2 100644 --- a/community/catalog/compromises/2022/auth0-source-code-leak.md +++ b/community/catalog/compromises/2022/auth0-source-code-leak.md @@ -13,7 +13,7 @@ to Okta environments. It's not entirely clear what the type of compromise is here. It appears to be source code like the [Intel BIOS -leak](/supply-chain-security/compromises/2022/intel-alder-lake-BIOS-leak.md) and +leak](community/catalog/compromises/2022/intel-alder-lake-BIOS-leak.md) and might also involve dev tooling depending on how the attacker gained access to the source code. diff --git a/community/catalog/compromises/2022/ctx-and-phpass.md b/community/catalog/compromises/2022/ctx-and-phpass.md index 224d8a8c4..e3cdc0443 100644 --- a/community/catalog/compromises/2022/ctx-and-phpass.md +++ b/community/catalog/compromises/2022/ctx-and-phpass.md 
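Review bot: in the auth0-source-code-leak.md hunk (`@@ -13,7 +13,7 @@`), the new link target `community/catalog/compromises/2022/intel-alder-lake-BIOS-leak.md` has no leading slash, so it resolves relative to the file's own directory, `community/catalog/compromises/2022/`, and ends up pointing at a nested path that does not exist. Going by the paths in this diff both files sit in the same directory, so `intel-alder-lake-BIOS-leak.md` is enough; alternatively keep the leading `/` that the removed line had.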
@@ -19,6 +19,8 @@ This incident fits the [Dev Tooling](../compromise-definitions.md#dev-tooling) d ## References + - [How I hacked CTX and PHPass Modules](https://sockpuppets.medium.com/how-i-hacked-ctx-and-phpass-modules-656638c6ec5e) - [Twitter thread on the topic](https://twitter.com/s0md3v/status/1529005758540808192) - [Reddit's I think the CTX package on PyPI has been hacked!](https://www.reddit.com/r/Python/comments/uwhzkj/i_think_the_ctx_package_on_pypi_has_been_hacked/) + diff --git a/community/catalog/compromises/README.md b/community/catalog/compromises/README.md index e413e0403..d0cf628f4 100644 --- a/community/catalog/compromises/README.md +++ b/community/catalog/compromises/README.md @@ -23,7 +23,7 @@ enforcement of one of open sources founding principles, "[Linus's Law](https://en.wikipedia.org/wiki/Linus%27s_law)". When submitting an addition, please review the -[definitions](https://github.com/cncf/sig-security/blob/master/supply-chain-security/compromises/compromise-definitions.md) +[definitions](./compromise-definitions.md) page to ensure the Type of Compromise on the details of the incidents as well as the Catalog itself are consistent. If a definition doesn't exist or a new type of compromise needs added, please include that as well. 
@@ -34,7 +34,7 @@ of compromise needs added, please include that as well. | [3proxy signing incident](2024/laixi-3proxy.md) | 2024 | Trust and Signing | [1](https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/) | | [xz backdoor incident](2024/xz.md) | 2024 | Malicious Maintainer | [1](https://cloudsecurityalliance.org/blog/2024/04/25/navigating-the-xz-utils-vulnerability-cve-2024-3094-a-comprehensive-guide) | | [GitGot: using GitHub repositories as exfiltration store](2024/gitgot.md) | 2024 | Trust and Signing | [1](https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data) | -| [ManageEngine xmlsec dependency](2023/xmlsec-manageengine.md) | 2023 | Outdated Dependencies | [1](ttps://flashpoint.io/blog/manageengine-apache-santuario-cve-2022-47966) | +| [ManageEngine xmlsec dependency](2023/xmlsec-manageengine.md) | 2023 | Outdated Dependencies | [1](https://flashpoint.io/blog/manageengine-apache-santuario-cve-2022-47966) | | [Retool Spear Phishing](2023/retool-portal-mfa.md) | 2023 | Dev Tooling | [1](https://www.coindesk.com/business/2023/09/13/phishing-attack-on-cloud-provider-with-fortune-500-clients-led-to-15m-crypto-theft-from-fortress-trust/) | | [Fake Dependabot commits](2023/fake-dependabot.md) | 2023 | Source Code | [1](https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/) | | [Okta Source Code Theft](2022/okta-github-repo-leak.md) | 2022 | Source Code
Dev Tooling | [1](https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/) | diff --git a/community/resources/landscape/README.md b/community/resources/landscape/README.md index 642f9b9fb..ac6e051d3 100644 --- a/community/resources/landscape/README.md +++ b/community/resources/landscape/README.md @@ -1,9 +1,9 @@ ## Goal -The [SAFE roadmap](../roadmap.md) includes describing the landscape of -cloud-native security. We evaluated categories in the +TAG Security evaluated categories in the [CNCF Landscape](https://landscape.cncf.io/) and -determined the need for a [modified approach](approach.md). +determined the need for a [modified approach](approach.md) to describe +the landscape of cloud native security. We propose [categories](categories.md) as a draft structure for a “Cloud Native Security Landscape”. We drafted this document after reviewing the current list diff --git a/community/resources/security-fuzzing-handbook/fuzzing-handbook.md b/community/resources/security-fuzzing-handbook/fuzzing-handbook.md index 2825c710c..5f7e0f8b2 100644 --- a/community/resources/security-fuzzing-handbook/fuzzing-handbook.md +++ b/community/resources/security-fuzzing-handbook/fuzzing-handbook.md 
@@ -1780,7 +1780,7 @@ In the `project.yaml` we enabled issue reporting via GitHub, specifically `file_ ![OSS-Fuzz auto-bot reporting a bug](imgs/OSS-Fuzz-GitHub-bot-reporting-an-issue.png) -In addition to the GitHub issue we also received an email notification at the same time, with the exact same content as in the GitHub issue. This email was sent out to all emails listed in the project.yaml. The content of the text is scarce and to extract more insights we need to follow the links in the description to bug reports. There are two links to further details about the issue, one for https://bugs.chromium.org/… and one for https://oss-fuzz.com/… The bug report on https://oss-fuzz.com/… has the most details and will always remain only visible to the emails listed in project.yaml and the details listed on https://bugs.chromium.org/… has slightly more information about the bug report than the GitHub issue and this report will remain private until the bug disclosure deadlines has passed, which is 90 days, or until the issue is fixed. +In addition to the GitHub issue we also received an email notification at the same time, with the exact same content as in the GitHub issue. This email was sent out to all emails listed in the project.yaml. The content of the text is scarce and to extract more insights we need to follow the links in the description to bug reports. There are two links to further details about the issue, one for https://bugs.chromium.org/ and one for https://oss-fuzz.com/. The bug report on https://oss-fuzz.com/ has the most details and will always remain only visible to the emails listed in project.yaml and the details listed on https://bugs.chromium.org/ has slightly more information about the bug report than the GitHub issue and this report will remain private until the bug disclosure deadlines has passed, which is 90 days, or until the issue is fixed. ### Viewing detailed bug reports 
diff --git a/community/working-groups/supply-chain-security/README.md b/community/working-groups/supply-chain-security/README.md index f41ec69a7..bcaefee5c 100644 --- a/community/working-groups/supply-chain-security/README.md +++ b/community/working-groups/supply-chain-security/README.md @@ -21,13 +21,13 @@ mitigation techniques for the more well understood categories. STAG (Security Technical Advisory Group) has put work into a comprehensive software supply chain paper highlighting best practices for high and medium risk environments. Please check out -[the paper](../supply-chain-security-paper/sscsp.md) +[the paper](./supply-chain-security-paper/sscsp.md) and corollary -[secure supply chain assessment document](../supply-chain-security-paper/secure-supply-chain-assessment.md) +[secure supply chain assessment document](./supply-chain-security-paper/secure-supply-chain-assessment.md) to learn more. For information about contributing to the document or providing feedback, please -refer to the [README](../supply-chain-security-paper/README.md). +refer to the [README](./supply-chain-security-paper/README.md). ## Meeting Information From 77cc7a14b8559853fe59732a38d6cd13a0c986fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Vega?= Date: Thu, 20 Jun 2024 16:12:27 -0700 Subject: [PATCH 09/14] Update Hugo build configuration and content paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Adjust rsync commands to include community publications and move resources to the correct paths. - Ensure the `rsync` command creates necessary directories with `--mkpath`. - Maintain the structure and readability of markdown files. - Update commands to move graphics and logos. - Preserve Hugo's ability to serve content and generate the site effectively. Co-authored-by: Brandt Keller Signed-off-by: Andrés Vega --- website/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/website/Makefile b/website/Makefile index 0fca670c5..34a2300c9 100644 --- a/website/Makefile +++ b/website/Makefile @@ -5,11 +5,11 @@ deps: rsync -avv ../ root/ \ --include='assessments' --include='assessments/**' \ --include='governance' --include='governance/**' \ - --include='publications' --include='publications/**' \ + --include='community/publications' --include='community/publications/**' \ --include='*.md' --exclude='*' # Move over content such as graphics and logos - rsync -av '../design/' 'static/design/' --exclude='#*' + rsync -av --mkpath '../community/resources/design/' 'static/community/resources/design/' --exclude='#*' # Update all imported markdown files to work as standalone hugo pages (except READMEs, see below) # sed command is configured for the Netlify ubuntu env @@ -75,3 +75,4 @@ clean: @rm -rf public resource @find root/* -type f ! -name '*.gitkeep' -print0 | xargs -0 rm -v @echo "Finished removing anything residual" + \ No newline at end of file From 1892ff45b2fe06a99b998568b70f251df4ba4895 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Vega?= Date: Thu, 20 Jun 2024 16:20:17 -0700 Subject: [PATCH 10/14] Fix build error and update Hugo build configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove unsupported `--mkpath` option from `rsync` command. - Ensure directories are created before moving resources. - Adjust `rsync` commands to include community publications and move resources to correct paths Co-authored-by: Brandt Keller Signed-off-by: Andrés Vega --- website/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/Makefile b/website/Makefile index 34a2300c9..f3feb5038 100644 --- a/website/Makefile +++ b/website/Makefile 
@@ -9,7 +9,8 @@ deps: --include='*.md' --exclude='*' # Move over content such as graphics and logos - rsync -av --mkpath '../community/resources/design/' 'static/community/resources/design/' --exclude='#*' + mkdir -p static/community/resources/design/ + rsync -av '../community/resources/design/' 'static/community/resources/design/' --exclude='#*' # Update all imported markdown files to work as standalone hugo pages (except READMEs, see below) # sed command is configured for the Netlify ubuntu env @@ -74,5 +75,4 @@ clean: @git clean -f . @rm -rf public resource @find root/* -type f ! -name '*.gitkeep' -print0 | xargs -0 rm -v - @echo "Finished removing anything residual" - \ No newline at end of file + @echo "Finished removing anything residual" \ No newline at end of file From 1f1bd45d4ee6ba985357664b0cd3b2ec6c38bae0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Vega?= Date: Sat, 22 Jun 2024 18:36:21 -0700 Subject: [PATCH 11/14] Fix in link in compromises/README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega --- community/catalog/compromises/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/community/catalog/compromises/README.md b/community/catalog/compromises/README.md index 7d6bb27df..3e267934d 100644 --- a/community/catalog/compromises/README.md +++ b/community/catalog/compromises/README.md 
@@ -8,8 +8,7 @@ The goal is not to catalog every known supply chain attack, but rather to captur many examples of different kinds of attack, so that we can better understand the patterns and develop best practices and tools. -For definitions of each compromise type, please check out our [compromise -definitions page](/supply-chain-security/compromises/compromise-definitions.md) +For definitions of each compromise type, please check out our [compromise definitions page](community/catalog/compromises/compromise-definitions.md) We welcome additions to this catalog by [filing an issue](https://github.com/cncf/tag-security/issues/new/choose) or [github pull From d7f4bb37a031f6f2bbec0a38e497c52fbac2fea0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Vega?= Date: Fri, 12 Jul 2024 12:31:21 -0700 Subject: [PATCH 12/14] Resolve merge conflicts in README MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index c986d5522..80b5db682 100644 --- a/README.md +++ b/README.md @@ -129,5 +129,4 @@ For [CNCF project proposal process](https://github.com/cncf/toc/blob/main/proces create a new [security review issue](https://github.com/cncf/tag-security/issues/new?assignees=&labels=assessment&template=security-assessment.md&title=%5BAssessment%5D+Project+Name) with a -[self-assessment](/community/assessments/guide/self-assessment.md) -. +[self-assessment](/community/assessments/guide/self-assessment.md). From afd1e19c5b189e3b26e876cd99a5a2c75ace3982 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Andr=C3=A9s=20Vega?= Date: Fri, 12 Jul 2024 20:19:44 -0700 Subject: [PATCH 13/14] Fix URL parsing error in Spanish security whitepaper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Resolved Netlify build failure caused by incorrect URL formatting - Removed extra parentheses around URLs in cloud-native-security-whitepaper-spanish.md Signed-off-by: Andrés Vega --- .../v1/cloud-native-security-whitepaper-spanish.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md b/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md index a5f569805..1dae1e5d1 100644 --- a/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md +++ b/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md 
@@ -317,7 +317,7 @@ Con respecto a los objetivos de las garantías de seguridad, se deben evaluar la #### Etapa de Pruebas -Las aplicaciones nativas para la nube deben estar sujetas al mismo conjunto y estándar de pruebas de calidad que las aplicaciones tradicionales. Estos incluyen conceptos de código limpio, adhesión a la [Pirámide de Prueba]((https://martinfowler.com/articles/practical-test-pyramid.html)), escaneo de seguridad de aplicación y linting a través de pruebas de la seguridad de aplicaciones estáticas (SAST), análisis y escaneo de dependencias, pruebas de seguridad de aplicaciones dinámicas (DAST) (por ejemplo, mocking), instrumentación de aplicación e infraestructura completa con pruebas disponibles para los desarrolladores en flujos de trabajo locales. Los resultados de las pruebas automatizadas deben regresar a los requisitos para una comprobación dual (desarrollador y herramienta) para garantizar la seguridad en tiempo real a los equipos de seguridad y el cumplimiento normativo. +Las aplicaciones nativas para la nube deben estar sujetas al mismo conjunto y estándar de pruebas de calidad que las aplicaciones tradicionales. Estos incluyen conceptos de código limpio, adhesión a la [Pirámide de Prueba](https://martinfowler.com/articles/practical-test-pyramid.html), escaneo de seguridad de aplicación y linting a través de pruebas de la seguridad de aplicaciones estáticas (SAST), análisis y escaneo de dependencias, pruebas de seguridad de aplicaciones dinámicas (DAST) (por ejemplo, mocking), instrumentación de aplicación e infraestructura completa con pruebas disponibles para los desarrolladores en flujos de trabajo locales. Los resultados de las pruebas automatizadas deben regresar a los requisitos para una comprobación dual (desarrollador y herramienta) para garantizar la seguridad en tiempo real a los equipos de seguridad y el cumplimiento normativo. 
Una vez que se ha identificado un error de seguridad (por ejemplo, un firewall incorrecto o una regla de enrutamiento), si el análisis de la causa raíz determina que tiene una posibilidad razonable de recurrencia, los desarrolladores deben escribir una prueba automatizada para evitar la regresión del defecto. En la falla de la prueba, los equipos recibirán comentarios para corregir el error y con la próxima fusión, la prueba pasará (suponiendo que fue corregido). Hacer esto, defiende contra la regresión debido a los cambios futuros en ese código. Las pruebas unitarias de la infraestructura es un control preventivo y se dirige a las entidades y entradas definidas en la configuración de infraestructura como código (IaC). Las pruebas de seguridad de la infraestructura construida son un control de detección y combinan garantía, regresiones históricas y detección de configuración inesperada (reglas de firewall abiertas al mundo, políticas de demasiado acceso privilegiado y manejo de acceso (IAM), endpoints no autenticados, etc.). From f8e8e3c4b9c74cc1f3ea71e7cb8cbb24f015f150 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Vega?= Date: Tue, 13 Aug 2024 21:09:56 -0700 Subject: [PATCH 14/14] Corrected malformed URL in cloud-native-security-whitepaper-spanish.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Vega Signed-off-by: Andrés Vega --- .../v1/cloud-native-security-whitepaper-spanish.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md b/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md index 1dae1e5d1..8821293aa 100644 --- a/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md +++ b/community/resources/security-whitepaper/v1/cloud-native-security-whitepaper-spanish.md 
@@ -540,7 +540,7 @@ Especificar el UID o GID del volumen sigue permitiendo el acceso del contenedor ##### Registros de Artefactos Los registros deben incluir tecnologías para firmar y verificar los artefactos de OCI. También es importante asegurarse de que las herramientas de almacenamiento en caché y distribución también proporcionen la capacidad de firmar, cifrar y proporcionar sumas de comprobación para garantizar que la capa de caché pueda detectar manipulaciones o intentos de envenenar el conjunto de datos. -El documento técnico [v2]((https://bit.ly/cncf-storage-whitepaperV2)) sobre almacenamiento de la CNCF proporciona información adicional sobre los conceptos, la terminología, los patrones de uso y las clases de tecnología del almacenamiento nativo en la nube. +El documento técnico [v2](https://bit.ly/cncf-storage-whitepaperV2)) sobre almacenamiento de la CNCF proporciona información adicional sobre los conceptos, la terminología, los patrones de uso y las clases de tecnología del almacenamiento nativo en la nube. ### Acceso
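Review bot: In the `@@ -1780,7 +1780,7 @@` hunk of fuzzing-handbook.md (PATCH 01/14), replacing `https://bugs.chromium.org/…` and `https://oss-fuzz.com/…` with the bare site roots changes what the sentence says. The ellipsis marked a per-bug URL, and the text now reads as if the report lives at the site root ("The bug report on https://oss-fuzz.com/ has the most details"). If the ellipsis character was the problem for the build, consider keeping the elided forms and wrapping them in backticks. The wording change is also unrelated to the directory moves named in the commit subject and would be easier to review as its own commit.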
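Review bot: In the `deps` hunk of website/Makefile (PATCH 09/14), `--include='community/publications'` is followed by `--exclude='*'`, and none of the visible rules include the parent `community` directory. rsync checks the filter list for each directory as it descends, so a parent that falls through to the final exclude is never entered and the include rules for its children are never consulted. Suggest adding `--include='community'` ahead of the `community/publications` rules, then confirming that `root/community/publications/` is populated after `make deps`.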
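Review bot: In the `clean` hunk of website/Makefile (PATCH 10/14), the last line `@echo "Finished removing anything residual"` is still marked `\ No newline at end of file`. PATCH 09/14 added a whitespace-only final line and this patch removes it again, but the file still ends without a terminating newline. End the echo line with a newline so that later appends to the Makefile produce a clean one-line diff.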
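Review bot: In the `@@ -8,8 +8,7 @@` hunk of community/catalog/compromises/README.md (PATCH 11/14), the new link target `community/catalog/compromises/compromise-definitions.md` has no leading slash, so as a relative link it resolves from the README's own directory to a nested `community/catalog/compromises/community/catalog/compromises/` path rather than the sibling file. PATCH 01/14 already links the same page from this README as `./compromise-definitions.md`; using that form here fixes the target and keeps the two links consistent. The sentence also still ends without a period.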
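Review bot: In the `@@ -540,7 +540,7 @@` hunk of cloud-native-security-whitepaper-spanish.md (PATCH 14/14), the added line still has an unbalanced parenthesis: `[v2](https://bit.ly/cncf-storage-whitepaperV2))`. Only the extra opening parenthesis was removed, so the link renders with a stray `)` after it. Suggest `[v2](https://bit.ly/cncf-storage-whitepaperV2)`, the same way PATCH 13/14 removed both extra parentheses from the Pirámide de Prueba link.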