This site may contain outdated or incomplete information.
Security TAG Roadmap
Overview
Note: TAG-Security was rebranded from SAFE working group. The below roadmap includes SAFE WG and TAG-Security in its timeline.
#2 Discover | #3 Describe | #4 Identify | |
---|---|---|---|
Artifacts | Personas Use Cases Categories | Standards Common Definitions Block Architecture | Catalog Projects Fill in Boxes Identify Gaps |
Topics | Presentations TAG members & guests | Standards in Practice Real World Systems Architecture | Platforms & Products Tools & Libraries |
Details
- Charter the SAFE Working Group. Draft vision, process and initial members (done, see below)
- Discover (Completed)
- Explore the problem space of the working group
- Investigating what is happening in the community today with respect to security for cloud native applications and infrastructure
- Presentations from members & guests
- Describe personas & use cases
- Draft a picture or set of categories that will serve as a starting point for an evaluation framework
- Solicit real world use cases and practices (and compensating controls) for projects
- Describe (in progress)
- Define the terminology used in the output documents, and in the community
- Describe the current state (map) of cloud native security, which might include:
- existing standards
- existing open source, and proprietary, solutions
- common patterns in use today for system that works for cloud native apps. For example:
- Extract end-to-end view of secure access, and
- Common layering or a block architecture
- Identify existing security components in CNCF and projects in the CNCF landscape and catalog
- Identify gaps and make recommendations to the community and TOC
- Continually monitor the viability of the existing projects and update the landscape document
- Document and disseminate best practices (provide training?)
Upcoming
TAG-Security strives to perform annual planning and quarterly reviews of our roadmap plans. The Roadmap planning project board for each annum is a live board and is continually updated. Boards may have cards added which indicate early concepts or needs for discovery, prior to become proposals or projects.
Year | Board Link |
---|---|
2021-2022 | RoadMap Planning Board |
Ongoing efforts
TAG-Security maintains a few activities as regular business. Boards tracking these items linked below.
Effort | Board Link | Description |
---|---|---|
CNCF project security reviews | Security Review Queue | This board is used to manage upcoming and current security reviews and security review related activities. |
TAG-Security Projects | Project Tracking Board | This board is used to manage upcoming proposals (backlog) and ongoing projects. |
Issue Triage | Triage Board | This board is used to assist the Triage team in managing the queue of issues. |
Completed
Milestone | Date | Action |
---|---|---|
First Community Translation | 27 Feb 2021 | Chinese translation of Whitepaper |
Security Assessments => Reviews | 23 Feb 2021 | Retrospective resulted in process updates |
APAC meetings start | 1 Feb 2021 | Regular meeting time added to README |
Expanded to 5 Tech Leads | 13 Jan 2021 | TOC Approves @ashutosh-narkar , @achetal01 , @anvega |
Cloud Native Security Whitepaper v1 | 18 Nov 2020 | Markdown source and images in repo |
First five security assessments | 21 Oct 2020 | In-toto, OPA, SPIFFE/SPIRE, Harbor, Keycloak |
First chair rotation | 15 Sep 2020 | TOC approves @TheFoxAtWork with new chair proposal process |
DoD Kubernetes/Container Security controls proposed | 26 Jun 2020 | LF collaboration with US DoD merged to DoD repo |
First Tech Leads | 25 Feb 2020 | TOC approves @lumjjb @TheFoxAtWork @JustinCappos |
Security Assessment intake process | 7 Jan 2020 | Intake process and prioritization |
First Cloud Native Security Day | 19 Nov 2019 | Event organized by @mfdii and @TheFoxAtWork |
Software supply chain catalog | 14 Nov 2019 | Catalog |
Updated personas & use cases | 23 Sept 2019 | Added platform implementer |
Policy formal verification overview | 10 Sept 2019 | Documentation |
First Security Assessment | May 2019 | In-toto |
Updated Charter and Governance ratified by CNCF TOC | 7 May 2019 | New repo |
First cut security audit guidelines | 2 May 2019 | Guidelines |
Moved SAFE WG to CNCF | 15 Apr 2019 | Repo rename |
CNCF WG proposal | 21 Aug 2018 | CNCF TAG-Security charter and roles |
Policy WG merged | 10 Aug 2018 | Merging policy WG |
First KubeCon Presentations | 2-4 May 2018 | Intro and deep dive |
Personas & use cases | 20 Apr 2018 | Shared doc into repo markdown |
Initial Commit for SAFE repo | 13 Mar 2018 | First commit |
Informal discussions at Kubecon Austin | Dec 2017 | Meeting with CNCF community and gathering feedback |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.