From ec3ab6b123646975985aabc3ab3df7a421ecdd46 Mon Sep 17 00:00:00 2001 From: Jonah Kowall Date: Wed, 24 Jan 2024 16:57:51 -0500 Subject: [PATCH] Replace security self-assesment with one from cncf/tag-security (#5142) ## Description of the changes Big thank you to the security pals team on the self-assessment work they did with the help of the NYU students. The discussion happened in https://github.com/cncf/tag-security/pull/1198 ## How was this change tested? No need to test, just updating URL. ## Checklist - [X] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [X] I have signed all commits --------- Signed-off-by: Jonah Kowall --- SECURITY-INSIGHTS.yml | 4 ++-- SELF-ASSESMENT.md | 46 ------------------------------------------- 2 files changed, 2 insertions(+), 48 deletions(-) delete mode 100644 SELF-ASSESMENT.md diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml index 76623df85e8..000ca49075a 100644 --- a/SECURITY-INSIGHTS.yml +++ b/SECURITY-INSIGHTS.yml @@ -32,7 +32,7 @@ security-artifacts: self-assessment: self-assessment-created: true evidence-url: - - https://github.com/jaegertracing/jaeger/blob/main/SELF-ASSESMENT.md + - https://github.com/cncf/tag-security/blob/main/assessments/projects/jaeger/self-assessment.md security-testing: - tool-type: sca tool-name: Dependabot @@ -63,4 +63,4 @@ dependencies: dependencies-lifecycle: policy-url: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md#security-patch-policy env-dependencies-policy: - policy-url: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md#dependency-policy \ No newline at end of file + policy-url: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md#dependency-policy diff --git a/SELF-ASSESMENT.md b/SELF-ASSESMENT.md deleted file mode 100644 index 7a786b6009b..00000000000 --- a/SELF-ASSESMENT.md +++ /dev/null 
@@ -1,46 +0,0 @@ -# Self-assessment - -# Self-assessment outline - -## Table of contents - -* [Metadata](#metadata) - * [Security links](#security-links) -* [Overview](#overview) - * [Actors](#actors) - * [Actions](#actions) - * [Background](#background) - * [Goals](#goals) - * [Non-goals](#non-goals) -* [Self-assessment use](#self-assessment-use) -* [Security functions and features](#security-functions-and-features) -* [Project compliance](#project-compliance) -* [Secure development practices](#secure-development-practices) -* [Security issue resolution](#security-issue-resolution) -* [Appendix](#appendix) - -## Metadata - -| | | -| -- | -- | -| Software | https://github.com/jaegertracing/jaeger/ | -| Security Provider | No | -| Languages | Go | -| SBOM | [Software bill of materials](https://github.com/jaegertracing/jaeger/releases/latest/download/jaeger-SBOM.spdx.json) | -| | | - -### Security links - -Provide the list of links to existing security documentation for the project. You may -use the table below as an example: -| Doc | url | -| -- | -- | -| Security file | https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md | - -## Overview - -See [README](https://github.com/jaegertracing/jaeger/#jaeger---a-distributed-tracing-system) - -### Background - -See [README](https://github.com/jaegertracing/jaeger/#jaeger---a-distributed-tracing-system)
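Review bot: In the SECURITY-INSIGHTS.yml hunk at `@@ -32,7 +32,7 @@`, the new `evidence-url` targets `blob/main` in cncf/tag-security, so the self-assessment evidence now follows a mutable branch in a repository outside this project and will break silently if that file is moved or renamed there. Consider a link check over SECURITY-INSIGHTS.yml in CI, or a commit permalink if the evidence should be a fixed version, since the description states the URL change was not tested.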
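Review bot: Deleting SELF-ASSESMENT.md outright (the `@@ -1,46 +0,0 @@` hunk) means the path the previous `evidence-url` pointed at, `blob/main/SELF-ASSESMENT.md`, stops resolving for anyone who linked to it. Consider leaving a short stub at that path that points to the cncf/tag-security assessment, and confirm that the SBOM and SECURITY.md links from the removed Metadata and Security links tables remain reachable from the new document.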