Conversation
lsm5
force-pushed
the
cncf-self-assessment
branch
from
342e829 to
6132ab7
Compare
lsm5
force-pushed
the
cncf-self-assessment
branch
from
1e308d4 to
28fa215
Compare
|
Ephemeral COPR build failed. @containers/packit-build please check. |
lsm5
force-pushed
the
cncf-self-assessment
branch
from
28fa215 to
588efae
Compare
|
@containers/buildah-maintainers PTAL |
|
LGTM |
|
@nalind @flouthoc PTAL as well. I'll most likely combine the common parts (review / security process) etc with the podman doc which is now at https://github.com/cncf/toc/blob/main/projects/podman-containers/security-assessment/self-assessment.md |
docs/cncf/self-assessment.md
Outdated
|
|
||
| * **Flexible build process**: Provide fine-grained control over the image building process. | ||
|
|
||
| * **Integration**: Work seamlessly with other container tools in the ecosystem. |
There was a problem hiding this comment.
Do we need this point ? Buildah generates OCI images which can be used by other tools once pushed to registry otherwise only podman can read these images locally.
docs/cncf/self-assessment.md
Outdated
|
|
||
| * **Buildah CLI**: The main command-line interface that users interact with for building container images. | ||
|
|
||
| * **Build context**: The filesystem context containing source code and build instructions. |
There was a problem hiding this comment.
This point is not very clear to me, I wonder if build context should be part of actors or not. @nalind WDYT
lsm5
force-pushed
the
cncf-self-assessment
branch
from
08d8f4b to
ebdfee5
Compare
This is being added here only for review. This doc will live in https://github.com/cncf/tag-security and *probably* be removed from here. Co-authored-by: flouthoc <[email protected]> Co-authored-by: Tom Sweeney <[email protected]> Signed-off-by: Lokesh Mandvekar <[email protected]>
lsm5
force-pushed
the
cncf-self-assessment
branch
from
ebdfee5 to
fa6b8d3
Compare
flouthoc
left a comment
flouthoc
left a comment
There was a problem hiding this comment.
LGTM
/approve
/hold wait for CI
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flouthoc, lsm5 The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
A friendly reminder that this PR had no activity for 30 days. |
4 participants
This is being added here only for review. This doc will live in https://github.com/cncf/tag-security and probably be removed from here.
What type of PR is this?
/kind other
What this PR does / why we need it:
Review submission for cncf/tag-security.
How to verify it
Just a doc. Review if it's good for CNCF submission.
Which issue(s) this PR fixes:
None
Special notes for your reviewer:
None
Does this PR introduce a user-facing change?
Reference: https://github.com/cncf/tag-security/blob/main/community/assessments/guide/self-assessment.md