2025-05-06 SIG Security Minutes
Community Attendees:
@Byung-Woo Jun
@Phil Porras
@Gaurav Kumar
@Prashant Mishra
@Tom Kivlin
@Rahul Jadhav
LF Staff:
Agenda
Antitrust Policy
Action Items Review
Container Image scanning
Follow up with SIG-Automation to check whether the LFIT owner can be added
Secrets-manager/Vault Integration
Currently we do not have a common middleware
@Prashant Mishra to inform SIG-Automation about using redhat-cop with HashiCorp (or OpenBao) Vault for reference implementation.
@Prashant Mishra user story requirements for vault/secrets-manager integration
@Gaurav Kumar was able to add the script that adds severity to the IaC scan results.
As a side effect of developing our own script, we cannot make use of predefined Checkov marketplace actions.
Gaurav showed the demo for the updated IaC tool
Minutes
Topic 1
Comments
Action items
@Prashant Mishra user story requirements for vault/secrets-manager integration
@Prashant Mishra to inform SIG-Automation about using redhat-cop with HashiCorp (or OpenBao) Vault for reference implementation.