Merge branch 'main' into feature-add-sec-assessment-facilitator-role-details

Signed-off-by: Andrés Vega <av@messier42.com>

Author: anvega

.github/ISSUE_TEMPLATE/joint-review.md

@@ -24,7 +24,7 @@ Security Provider: yes/no (e.g. Is the primary function of the project to suppor
    - [ ] Lead security reviewer
    - [ ] 1 or more additional reviewer(s)
    - [ ] Every reviewer has read [security reviewer guidelines](https://github.com/cncf/tag-security/blob/main/assessments/guide/security-reviewer.md) and stated declaration of conflict
-   - [ ] Sign off by 2 chairs on reviewer conflicts
+   - [ ] Sign off by facilitator on reviewer conflicts
 - [ ] Create slack channel (e.g. #sec-assess-projectname)
 - [ ] Project lead provides draft document - see [outline](https://github.com/cncf/tag-security/blob/main/assessments/guide/joint-review.md)
 - [ ] "Naive question phase" Lead Security Reviewer asks clarifying questions

.github/ISSUE_TEMPLATE/proposal.md

@@ -9,21 +9,44 @@ assignees: ''
 
 Description: what's your idea?
 
-Impact: Describe the customer impact of the problem. Who will this help?  How will it help them?
+Impact: Describe the customer impact of the problem. Who will this help?  How
+will it help them?
 
-Scope: How much effort will this take? ok to provide a range of options if or "not yet determined" for initial proposals.  Feel free to include proposed tasks below or link a Google doc
+Scope: How much effort will this take? ok to provide a range of options if or
+"not yet determined" for initial proposals.  Feel free to include proposed tasks
+below or link a Google doc
+
+Intent to lead:
+
+* [ ] **I volunteer to be a project lead on this proposal if the community is
+  interested in pursing this work.** This statement of intent does not preclude
+  others from co-leading or becoming lead in my stead.
+
+Proposal to Project:
+
+* [ ] Added to the planned meeting template for _mm dd_
+* [ ] Raised in a Security TAG meeting to determine interest - _mm dd_
+* [ ] Collaborators comment on issue for determine interest and nominate project
+  lead
+* [ ] Scope determined via meeting _mm dd_ and/or shared document *add link*
+   with call for participation in #tag-security slack channel thread *add link*
+   and mailing list email *add link*
+* [ ] Scope presented to Security TAG leadership and Sponsor is assigned
 
 TO DO
+
 - [ ] Security TAG Leadership Representative:
 - [ ] Project leader(s):
+- [ ] Issue is assigned to project leaders and Security TAG Leadership
+  Representative
 - [ ] Project Members:
-- [ ] _Fill in addition TODO items here so the project team and community can see progress!_
-- [ ] Scope 
+- [ ] _Fill in addition TODO items here so the project team and community can
+  see progress!_
+- [ ] Scope
 - [ ] Deliverable(s)
 - [ ] Project Schedule
 - [ ] Slack Channel (as needed)
 - [ ] Meeting Time & Day:
 - [ ] Meeting Notes (link)
 - [ ] Meeting Details (zoom or hangouts link)
 - [ ] Retrospective
-

.github/ISSUE_TEMPLATE/unconference.md

@@ -0,0 +1,15 @@
+---
+name: Unconference talk proposal
+about: You have a proposal for the in-person KubeCon Security Hub Unconference. Unconference sessions can be more casual group conversations about a topic. Submitters must be attending KubeCon in-person.
+title: "[Unconference] some descriptive title"
+labels: "unconference, triage-required"
+assignees: ''
+
+---
+
+Description: What's your topic?
+Benefits to Ecosystem: Why is this talk or discussion important to cloud native security?
+Additional info:
+- Reference to supporting material
+- Feel free to delete this section if you don't have more info
+- Let us know if you have any availability limitations for us to consider

.github/auto_request_review.yml

@@ -25,6 +25,7 @@ reviewers:
       - mlieberman85
       - ragashreeshekar
       - sublimino
+      - eddie-knight
     supply-chain-security-reviewers:
       - mnm678
       - mlieberman85
@@ -40,6 +41,8 @@ reviewers:
       - ashutosh-narkar
     controls-reviewers:
       - JonZeolla
+    assessments-reviewers:
+      - eddie-knight
 
 files:
   # Keys are glob expressions.
@@ -54,6 +57,8 @@ files:
     - supply-chain-security-reviewers #group
   'cloud-native-controls/**':
     - controls-reviewers #group
+  'assessments/**':
+    - assessments-reviewers #group
 
 options:
   ignore_draft: true #draft PRs are ignored

.github/settings.yml

@@ -11,79 +11,5 @@ repository:
   homepage: https://cncf.io/projects
 
   # Collaborators: give specific users access to this repository.
-  # Note: changing this file will update the users visible in Github UI 
-  # see /governance/roles.md for details on write access policy
-  # note that the permissions below may provide wider access than needed for
-  # a specific role, and we trust these individuals to act according to their
-  # role. If there are questions, please contact one of the chairs.
-collaborators:
-  # Chairs
-  - username: achetal01
-    permission: admin
-
-  - username: lumjjb
-    permission: admin
-    
-  - username: sublimino
-    permission: admin
-    
-  # Chairs Emeriti
-  - username: ultrasaurus
-    permission: push
-    
-  - username: pragashj
-    permission: push
-    
-  - username: dshaw
-    permission: push
-
-  - username: TheFoxAtWork
-    permission: push
-
-  # Technical Leads
-  - username: ashutosh-narkar
-    permission: push
-
-  - username: anvega
-    permission: push
-    
-  - username: JustinCappos
-    permission: push
-  
-  - username: PushkarJ
-    permission: push
-    
-  - username: mnm678
-    permission: push
-    
-  - username: mlieberman85
-    permission: push
-  
-  - username: ragashreeshekar
-    permission: push
-
-  # Contributing Reviewers
-  # Submit Reviews to PRs based on this grouping: https://github.com/cncf/tag-security/blob/main/.github/auto_request_review.yml
-  - username: lirantal
-    permission: read
-    
-    # Leading the policy project #987
-  - username: jkjell
-    permission: push
-    
-    # Security Assessment Facilitator
-    # merge PRs in /assesssments according to guidelines
-    # triage related issues
-    # JustinCappos
-
-    # Security Reviewers
-    # issues may be assigned, edited by assignee
-    # merge PRs for assigned issue according to guidelines
-    # JustinCappos, ultrasaurus, lumjjb
-  - username: JustinCormack
-    permission: push
-    
-
-    # Meeting Facilitators
-    # ultrasaurus, dshaw, pragashj, lumjjb, justincormack, izgeri, JustinCappos, magnologan, TheFoxAtWork, anvega, achetal01, ashutosh-narkar,
-    # chasemp, pushkarj, jonzeolla
+  # Note that the permissions are controlled using CLOWarden in the https://github.com/cncf/people/blob/main/config.yaml file
+  # Please create a PR in the https://github.com/cncf/people/ repo to change user access

.gitignore

@@ -2,3 +2,8 @@
 node_modules
 modified
 *.DS_Store*
+
+# Hugo file replication
+website/root/*
+!website/root/.gitkeep
+website/static/design/