Tabitha Sable
Add a lightweight guide for responding to a GitHub token leak.
This is essentially the same as the non-vulnerability-report template, but slightly customized.
@micahhausler you had good luck using that tool, and it's apparently open-source. Can you please write up a few notes about how to do it?
This should help streamline sending initial "we have a vuln report" emails, and can provide a place to remind codeowners about careful treatment of non-public vulnerability information.
Per notification from Steering, SRC members should PR themselves into the leads@ list [here](https://github.com/kubernetes/k8s.io/blob/main/groups/groups.yaml). We also need to add that as a step to the onboarding and offboarding process docs.
Add a step to the onboarding and offboarding documentation to PR SRC members into the OSS-Fuzz [contacts list for Kubernetes](https://github.com/google/oss-fuzz/blob/master/projects/kubernetes/project.yaml).
### Describe the issue (Filing issue after being prompted during Leads meeting) After updating `sigs.yaml` it's necessary to run `make generate` which takes a really long time and a lot...
### Describe the issue SIG Security hosts WG Policy's artifacts and shares many concerns with WG Policy. We should probably be listed as a stakeholder SIG. Filing this as an...
Add CONTRIBUTING.md that describes how to begin contributing to Kubernetes SIG Security
There is a useful HackerOne feature where folks can be granted access to just one specific H1 issue, which can be useful when members of a fix team are highly...