2025-05-06 SIG Security Minutes

Community Attendees:

@Byung-Woo Jun

@Phil Porras

@Gaurav Kumar

@Prashant Mishra

@Tom Kivlin

@Rahul Jadhav

LF Staff:

Agenda

Antitrust Policy

  • Action Items Review

  • Container Image scanning

    • Follow up with SIG-Automation to check whether the LFIT owner can be added

  • Secrets-manager/Vault Integration

    • Currently we do not have a common middleware

    • @Prashant Mishra to inform SIG-Automation about using redhat-cop with HashiCorp (or OpenBao) Vault for reference implementation.

    • @Prashant Mishra user story requirements for vault/secrets-manager integration

  • @Gaurav Kumar was able to add the script that adds severity to the IaC scan results.

    • As a side effect of developing our own script, we cannot make use of predefined Checkov marketplace actions.

    • Gaurav showed the demo for the updated IaC tool

Minutes

 

Topic 1

  • Comments

Action items

  • @Prashant Mishra user story requirements for vault/secrets-manager integration

  • @Prashant Mishra to inform SIG-Automation about using redhat-cop with HashiCorp (or OpenBao) Vault for reference implementation.