/
2025-04-08 SIG Security Minutes
2025-04-08 SIG Security Minutes
- Rahul
- Francois Duthilleul
Owned by Rahul
Last updated: Apr 08, 2025
Community Attendees:
@Francois Duthilleul
@Prashant Mishra
@Gaurav Kumar
@Rahul Jadhav
Community Attendees:
LF Staff:
Agenda
Antitrust Policy
Action Items Review
IAC checks
Secrets Manager Integration Next Steps
Security Blueprint
Minutes
IaC baseline to be reported to the issue and taken up with SIG-Automation. Currently, the checkov tool does not provide severity score in the context of the finding itself.
Set of findings that can be ignored ({regex})
checkov-cli => report.json => augmented with severity value
Security Blueprint
Sylva CNF Security Guidelines (CNF Security Guidelines | Sylva )
Ref: https://connect.redhat.com/sites/default/files/2023-06/CNF-best-practices 1.5 June 2023.pdf
Topic 1
Comments
Action items
Is there any open source which allows creation of k8s resources for storing secrets and providing an ability to use “any” secrets manager tool in the backend? (https://github.com/redhat-cop/vault-config-operator ) @Francois Duthilleul @Prashant Mishra
, multiple selections available,
Related content
2025-04-15 SIG Security Minutes
2025-04-15 SIG Security Minutes
More like this
2025-02-18 Security Minutes
2025-02-18 Security Minutes
More like this
2025-03-18 Security Minutes
2025-03-18 Security Minutes
More like this
2025-03-25 Security Minutes
2025-03-25 Security Minutes
More like this
SIG Security 🛡️
SIG Security 🛡️
Read with this
2025-02-27 TSC Minutes
2025-02-27 TSC Minutes
More like this