Ratify should complete a Tag Security Self Assessment (TSSA) #2035

akashsinghal · 2025-01-16T01:10:06Z

What would you like to be added?

As part of Ratify sandbox donation, it was recommended by TAG security for Ratify to complete a tag security self assessment and submit for review https://github.com/cncf/tag-security/blob/main/community/assessments/README.md

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

Yes, I am willing to implement it.

binbin-li · 2025-01-16T02:30:56Z

Wonder if we should assess the security based on the incoming v2 version or v1. V1 has some design vulnerabilities that require breaking change to fix, probably v2 could make the TSSA look better.

akashsinghal · 2025-01-22T23:36:19Z

Wonder if we should assess the security based on the incoming v2 version or v1. V1 has some design vulnerabilities that require breaking change to fix, probably v2 could make the TSSA look better.

I agree. v2 makes more sense

akashsinghal added enhancement New feature or request triage Needs investigation labels Jan 16, 2025

binbin-li removed the triage Needs investigation label Feb 13, 2025

binbin-li modified the milestones: v2.0.0-alpha.1, v2.0.0 Feb 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ratify should complete a Tag Security Self Assessment (TSSA) #2035

Ratify should complete a Tag Security Self Assessment (TSSA) #2035

akashsinghal commented Jan 16, 2025

binbin-li commented Jan 16, 2025

akashsinghal commented Jan 22, 2025

Ratify should complete a Tag Security Self Assessment (TSSA) #2035

Ratify should complete a Tag Security Self Assessment (TSSA) #2035

Comments

akashsinghal commented Jan 16, 2025

What would you like to be added?

Anything else you would like to add?

Are you willing to submit PRs to contribute to this feature?

binbin-li commented Jan 16, 2025

akashsinghal commented Jan 22, 2025