[CII Best Practices] Kubernetes 的最佳实践 #48
Replies: 11 comments 3 replies
-
|
在补充一份 CII 的材料~ |
Beta Was this translation helpful? Give feedback.
-
|
https://en.wikipedia.org/wiki/Core_Infrastructure_Initiative 感觉国外他们这套价值流动体系还是非常顺畅的。大厂捐钱中立基金会,然后联合专业人士制定标准,同时大厂门也享受这些服务,整个生态好了,大家都受益~
|
Beta Was this translation helpful? Give feedback.
-
|
是的,但中国有中国的特色,相对缺乏中立基金会这样的角色和机构,使得价值链条会断开 |
Beta Was this translation helpful? Give feedback.
-
那我们补上这个价值链条~ :-) |
Beta Was this translation helpful? Give feedback.
-
|
CII 网站也有中文版本,一些值得关注的地方:
|
Beta Was this translation helpful? Give feedback.
-
|
openSSF 有一个 criticality_score 也在被国内外的一些开源社区所使用,大家可以参考:https://github.com/ossf/criticality_score |
Beta Was this translation helpful? Give feedback.
-
|
openSSF 的 scorecard 也是一个不错的参考:https://github.com/ossf/scorecard |
Beta Was this translation helpful? Give feedback.
-
|
王老师,Scorecard和CII是不是不一样的评价的框架哈
从 Windows 版邮件<https://go.microsoft.com/fwlink/?LinkId=550986>发送
…________________________________
发件人: Will Wang ***@***.***>
发送时间: Monday, March 21, 2022 11:00:25 PM
收件人: kaiyuanshe/ONES ***@***.***>
抄送: Subscribed ***@***.***>
主题: Re: [kaiyuanshe/ONES] [CII Best Practices] Kubernetes 的最佳实践 (Discussion #48)
openSSF 的 scorecard 也是一个不错的参考:https://github.com/ossf/scorecard
―
Reply to this email directly, view it on GitHub<#48 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AO5RA33I4IHEBEVFG2TSI3TVBCFITANCNFSM5RA4XRHQ>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
是的,据他们说是希望用 Scorecard 来取代 CII ~ |
Beta Was this translation helpful? Give feedback.
-
|
好的,多谢王老师
从 Windows 版邮件<https://go.microsoft.com/fwlink/?LinkId=550986>发送
发件人: Will ***@***.***>
发送时间: Tuesday, March 22, 2022 8:37 PM
收件人: ***@***.***>
抄送: ***@***.***>; ***@***.***>
主题: Re: [kaiyuanshe/ONES] [CII Best Practices] Kubernetes 的最佳实践 (Discussion #48)
王老师,Scorecard和CII是不是不一样的评价的框架哈 从 Windows 版邮件<https://go.microsoft.com/fwlink/?LinkId=550986>发送<https://go.microsoft.com/fwlink/?LinkId=550986%3E%E5%8F%91%E9%80%81>
…
…________________________________ 发件人: Will Wang @.> 发送时间: Monday, March 21, 2022 11:00:25 PM 收件人: kaiyuanshe/ONES @.> 抄送: Subscribed @.> 主题: Re: [kaiyuanshe/ONES] [CII Best Practices] Kubernetes 的最佳实践 (Discussion #48<#48>) openSSF 的 scorecard 也是一个不错的参考:https://github.com/ossf/scorecard D Reply to this email directly, view it on GitHub<#48 (comment)<#48 (comment)>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AO5RA33I4IHEBEVFG2TSI3TVBCFITANCNFSM5RA4XRHQ. You are receiving this because you are subscribed to this thread.Message ID: @.>
是的,据他们说是希望用 Scorecard 来取代 CII ~
―
Reply to this email directly, view it on GitHub<#48 (reply in thread)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AO5RA3Z7NS4S3X6JYYZUHMTVBG5GZANCNFSM5RA4XRHQ>.
You are receiving this because you commented.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
https://www.synopsys.com/blogs/software-security/census-2-free-and-open-source-software-report/ |
Beta Was this translation helpful? Give feedback.
-
|
补充一个 CII 的介绍视频:https://www.youtube.com/watch?v=JMptmhV06j8 |
Beta Was this translation helpful? Give feedback.
-
|
多谢王老师
从 Windows 版邮件<https://go.microsoft.com/fwlink/?LinkId=550986>发送
发件人: Will ***@***.***>
发送时间: Tuesday, April 26, 2022 8:50 AM
收件人: ***@***.***>
抄送: ***@***.***>; ***@***.***>
主题: Re: [kaiyuanshe/ONES] [CII Best Practices] Kubernetes 的最佳实践 (Discussion #48)
补充一个 CII 的介绍视频:https://www.youtube.com/watch?v=JMptmhV06j8
―
Reply to this email directly, view it on GitHub<#48 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AO5RA3Y5UERZSSYEYD7K6PTVG44V7ANCNFSM5RA4XRHQ>.
You are receiving this because you commented.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
没有一套实践可以保证软件永远不会有缺陷或漏洞;如果规范或假设是错误的,即使是正式的方法也会失败。也没有任何一套实践可以保证一个项目将维持一个健康和运作良好的开发社区。但是,遵循最佳实践可以帮助改善开源项目的结果。
开源安全基金会 (OpenSSF)](https://openssf.org/) 最佳实践徽章是自由和开源软件 (FLOSS) 项目表明他们遵循最佳实践的一种方式。项目可以通过使用此应用程序来解释它们如何遵循每个最佳实践,从而自愿免费进行自我认证。徽章项目的使用者可以快速评估哪些 FLOSS 项目遵循最佳实践,因此更有可能生产出更高质量的安全开源软件。
Kubernetes 作为一款成功的开源项目,相信它的开源安全最佳实践能够让大家学到不少~
https://bestpractices.coreinfrastructure.org/en/projects/569#changecontrol
https://segmentfault.com/a/1190000018006309
Beta Was this translation helpful? Give feedback.
All reactions