Skip to content

Update templates to suggest a joint security assessment and governance review #1929

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Update templates to suggest a joint security assessment and governance review #1929

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
4717f40
Update templates to suggest a joint security assessment
jeremyrickard Oct 21, 2025
906418e
add suggestion for governance review and move note to subject header
jeremyrickard Oct 21, 2025
b3bb434
Update operations/toc-templates/template-dd-pr-incubation.md
jeremyrickard Oct 21, 2025
a3b3005
apply suggestion from emily
jeremyrickard Oct 21, 2025
eca6acb
Update issue templates
jeremyrickard Oct 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions .github/ISSUE_TEMPLATE/template-graduation-application.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,10 +69,14 @@ Completion of this due diligence document, resolution of concerns raised, and pr

## Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject.
Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject if completed as a suggested item prior to application.
Copy link
Contributor

@angellk angellk Nov 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please be more explicit on who is suggesting the Governance Review

Copy link
Contributor

@angellk angellk Nov 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Suggested item within the application prior to submission" -- we may need to review overall language in the application to reduce confusion for multiple geos/cultures


### Suggested

- [ ] **Complete a Governance Review with the Project Reviews subproject**

<!-- (Project assertion goes here) -->

- [ ] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.**

<!-- (Project assertion goes here) -->
Expand Down Expand Up @@ -217,10 +221,14 @@ Note: this section may be augmented by the completion of a Governance Review fro

## Security

Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance.
Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application.
Copy link
Contributor

@angellk angellk Nov 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Suggested item within the application prior to submission"


### Suggested

- [ ] **Complete a [joint security assessment](https://tag-security.cncf.io/community/assessments/guide/#joint-assessment) with TAG Security and Compliance**

<!-- (Project assertion goes here) -->

- [ ] **Achieving OpenSSF Best Practices silver or gold badge.**

<!-- (Project assertion goes here) -->
Expand Down
14 changes: 10 additions & 4 deletions .github/ISSUE_TEMPLATE/template-incubation-application.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,10 +69,14 @@ Completion of this due diligence document, resolution of concerns raised, and pr

## Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject.
Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject if completed as a suggested item prior to application.
Copy link
Contributor

@angellk angellk Nov 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Suggested item within the application prior to submission"


### Suggested

- [ ] **Complete a Governance Review with the Project Reviews subproject**

<!-- (Project assertion goes here) -->

- [ ] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.**

<!-- (Project assertion goes here) -->
Expand Down Expand Up @@ -209,13 +213,15 @@ Note: this section may be augmented by the completion of a Governance Review fro

## Security

Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application.

### Suggested

N/A
- [ ] **Complete a joint security assessment with TAG Security and Compliance**

### Required
<!-- (Project assertion goes here) -->

Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance.
### Required

- [ ] **Clearly defined and discoverable process to report security issues.**

Expand Down
13 changes: 11 additions & 2 deletions operations/toc-templates/template-dd-pr-graduation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,10 +52,14 @@ Completion of this due diligence document, resolution of concerns raised, and pr

## Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject.
Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject if completed as a suggested item prior to application.
Copy link
Contributor

@angellk angellk Nov 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Suggested item within the application prior to submission"


### Suggested

- [ ] **Complete a Governance Review with the Project Reviews subproject**

<!-- (TOC Evaluation goes here) -->

- [ ] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.**

<!-- (TOC Evaluation goes here) -->
Expand Down Expand Up @@ -204,14 +208,19 @@ N/A

## Security

Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance.
Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application.
Copy link
Contributor

@angellk angellk Nov 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Suggested item within the application prior to submission"



### Suggested

- [ ] **Achieving OpenSSF Best Practices silver or gold badge.**

<!-- (TOC Evaluation goes here) -->

- [ ] **Complete a joint security assessment with TAG Security and Compliance**

<!-- (TOC Evaluation goes here) -->

### Required

- [ ] **Clearly defined and discoverable process to report security issues.**
Expand Down
14 changes: 10 additions & 4 deletions operations/toc-templates/template-dd-pr-incubation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,14 @@ Completion of this due diligence document, resolution of concerns raised, and pr

## Governance and Maintainers

Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject.
Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject if completed as a suggested item prior to application.
Copy link
Contributor

@angellk angellk Nov 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Suggested item within the application prior to submission"


### Suggested

- [ ] **Complete a Governance Review with the Project Reviews subproject**

<!-- (TOC Evaluation goes here) -->

- [ ] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.**

<!-- (TOC Evaluation goes here) -->
Expand Down Expand Up @@ -190,13 +194,15 @@ Note: this section may be augmented by the completion of a Governance Review fro

## Security

Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application.
Copy link
Contributor

@angellk angellk Nov 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Suggested item within the application prior to submission"


### Suggested

N/A
- [ ] **Complete a joint security assessment with TAG Security and Compliance**

### Required
<!-- (TOC Evaluation goes here) -->

Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance.
### Required

- [ ] **Clearly defined and discoverable process to report security issues.**

Expand Down