Agenda

Antitrust Policy

Action Items Review
IAC checks
Secrets Manager Integration Next Steps
Security Blueprint

Minutes

IaC baseline to be reported to the issue and taken up with SIG-Automation. Currently, the checkov tool does not provide severity score in the context of the finding itself.
- Set of findings that can be ignored ({regex})
- checkov-cli => report.json => augmented with severity value
Security Blueprint
- Sylva CNF Security Guidelines (https://sylva-projects.gitlab.io/design/core-concepts/security/cnf-security-guideline/ )
- Ref: https://connect.redhat.com/sites/default/files/2023-06/CNF-best-practices 1.5 June 2023.pdf

Topic 1

Comments

Action items

Is there any open source which allows creation of k8s resources for storing secrets and providing an ability to use “any” secrets manager tool in the backend? (https://github.com/redhat-cop/vault-config-operator ) @Francois Duthilleul @Prashant Mishra

2025-04-08 SIG Security Minutes

Community Attendees:

Community Attendees:

LF Staff:

Agenda

Antitrust Policy

Minutes

Action items