Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create joint-assessment for OpenFGA #1289

Merged
merged 12 commits into from
Jul 31, 2024
Merged

Create joint-assessment for OpenFGA #1289

merged 12 commits into from
Jul 31, 2024

Conversation

krishnakv
Copy link
Contributor

Create joint assessment for OpenFGA.

Linked to the issue [TSSA] OpenFGA #1236.

Project Name: OpenFGA
Github URL: https://github.com/openfga/openfga/blob/main/docs/security-self-assessment.md
CNCF project stage: cncf/toc#1276 (incubation)
Security Provider: yes (e.g. Is the primary function of the project to support the security of an integrating system?)
Project security lead @lj365
Lead security reviewer @sunstonesecure-robert
1 or more additional reviewer(s) @eddie-knight @ashutosh-narkar @krishnakv Observers: @wibarre

Project lead provides draft document

We are at " Share draft findings with project" phase.

@krishnakv
Create joint-assessment.md
a1064a1 
Create joint-assessment page for OpenFGA.

Signed-off-by: Krishna V <[email protected]>
@netlify Netlify
Copy link

netlify bot commented Jun 21, 2024
edited
Loading

Deploy Preview for tag-security ready!

Name Link
🔨 Latest commit 54d8034
🔍 Latest deploy log https://app.netlify.com/sites/tag-security/deploys/66aa79b576469b0008bbc178
😎 Deploy Preview https://deploy-preview-1289--tag-security.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@JustinCappos
Copy link
Collaborator

I'm a little confused about this issue. Why create this when #1236 exists? (Sorry, if I'm missing something.)

@eddie-knight
Copy link
Collaborator

Tracking— @JustinCappos we'll update the checkboxes on #1236

aaguiarz
aaguiarz reviewed Jun 22, 2024
View reviewed changes
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
miparnisari
miparnisari reviewed Jun 26, 2024
View reviewed changes
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
assessments/projects/openfga/joint-assessment.md Outdated Show resolved Hide resolved
Krishna V and others added 5 commits June 30, 2024 22:26
fix: comments from project review
1c62c5c 
Signed-off-by: Krishna V <[email protected]>
chore: merge changes from main
ead9fb5 
Signed-off-by: Krishna V <[email protected]>
fix: correct the issue around PII to refer to tuples, not models
fc45341 
Signed-off-by: Krishna V <[email protected]>
doc: added the remediation project link to Roadmap section
45c99ac 
Signed-off-by: Krishna V <[email protected]>
@rficcaglia
Update joint-assessment.md
8d52e46 
adding additional findings, modifications to highlight informational findings, small edits

Signed-off-by: Robert A Ficcaglia <[email protected]>
JustinCappos
JustinCappos requested changes Jul 9, 2024
View reviewed changes
Copy link
Collaborator

@JustinCappos JustinCappos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are governance/blog-guidelines.md , etc. changing as part of this PR?

@rficcaglia
Copy link
Contributor

Why are governance/blog-guidelines.md , etc. changing as part of this PR?

I think maybe this PR is stomping over PR #1311 that was recently merged in due to my PR from the fork of the fork. @krishnakv to correct this I think this might be the answer:
https://stackoverflow.com/questions/16306012/github-pull-request-showing-commits-that-are-already-in-target-branch

e.g. says to rebase.

Merge branch 'feature/openfga-assessment' of https://github.com/rficc…
493312b 
…aglia/tag-security into rficcaglia-feature/openfga-assessment

Signed-off-by: Krishna V <[email protected]>
@krishnakv
Copy link
Contributor Author

Why are governance/blog-guidelines.md , etc. changing as part of this PR?

I think maybe this PR is stomping over PR #1311 that was recently merged in due to my PR from the fork of the fork. @krishnakv to correct this I think this might be the answer: https://stackoverflow.com/questions/16306012/github-pull-request-showing-commits-that-are-already-in-target-branch

e.g. says to rebase.

All changes are merged now and I can see that only the joint-assessment is listed as the modified document.

image

@aaguiarz
Copy link
Contributor

@krishnakv @JustinCappos @eddie-knight is there anything else pending to merge this one?

@eddie-knight eddie-knight merged commit c5fe5b1 into cncf:main Jul 31, 2024
7 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miparnisari miparnisari miparnisari left review comments

@aaguiarz aaguiarz aaguiarz left review comments

@JustinCappos JustinCappos JustinCappos approved these changes

@eddie-knight eddie-knight Awaiting requested review from eddie-knight

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@krishnakv @JustinCappos @eddie-knight @rficcaglia @aaguiarz @miparnisari