From 4717f40ef773569e061c736f3d6bbad92384117c Mon Sep 17 00:00:00 2001 From: Jeremy Rickard Date: Tue, 21 Oct 2025 12:50:34 -0600 Subject: [PATCH 1/5] Update templates to suggest a joint security assessment Signed-off-by: Jeremy Rickard --- operations/toc-templates/template-dd-pr-graduation.md | 3 +-- operations/toc-templates/template-dd-pr-incubation.md | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/operations/toc-templates/template-dd-pr-graduation.md b/operations/toc-templates/template-dd-pr-graduation.md index fda61816d..6774b2d09 100644 --- a/operations/toc-templates/template-dd-pr-graduation.md +++ b/operations/toc-templates/template-dd-pr-graduation.md @@ -204,11 +204,10 @@ N/A ## Security -Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. - ### Suggested - [ ] **Achieving OpenSSF Best Practices silver or gold badge.** +- [ ] **Complete a joint security assessment with TAG Security and Compliance** diff --git a/operations/toc-templates/template-dd-pr-incubation.md b/operations/toc-templates/template-dd-pr-incubation.md index 23c10b534..b8696d06a 100644 --- a/operations/toc-templates/template-dd-pr-incubation.md +++ b/operations/toc-templates/template-dd-pr-incubation.md @@ -192,11 +192,11 @@ Note: this section may be augmented by the completion of a Governance Review fro ### Suggested -N/A +- [ ] **Complete a joint security assessment with TAG Security and Compliance** -### Required + -Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. +### Required - [ ] **Clearly defined and discoverable process to report security issues.** From 906418ea25c40e5b387edf9f78ea5803eac4eb4b Mon Sep 17 00:00:00 2001 From: Jeremy Rickard Date: Tue, 21 Oct 2025 13:33:36 -0600 Subject: [PATCH 2/5] add suggestion for governance review and move note to subject header 
Signed-off-by: Jeremy Rickard --- operations/toc-templates/template-dd-pr-graduation.md | 9 +++++++++ operations/toc-templates/template-dd-pr-incubation.md | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/operations/toc-templates/template-dd-pr-graduation.md b/operations/toc-templates/template-dd-pr-graduation.md index 6774b2d09..43683b668 100644 --- a/operations/toc-templates/template-dd-pr-graduation.md +++ b/operations/toc-templates/template-dd-pr-graduation.md @@ -56,6 +56,10 @@ Note: this section may be augmented by the completion of a Governance Review fro ### Suggested +- [ ] **Complete a Governance Review with the Project Reviews subproject** + + + - [ ] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.** @@ -204,9 +208,14 @@ N/A ## Security +Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. + ### Suggested - [ ] **Achieving OpenSSF Best Practices silver or gold badge.** + + + - [ ] **Complete a joint security assessment with TAG Security and Compliance** diff --git a/operations/toc-templates/template-dd-pr-incubation.md b/operations/toc-templates/template-dd-pr-incubation.md index b8696d06a..8bb4685c2 100644 --- a/operations/toc-templates/template-dd-pr-incubation.md +++ b/operations/toc-templates/template-dd-pr-incubation.md @@ -54,6 +54,10 @@ Note: this section may be augmented by the completion of a Governance Review fro ### Suggested +- [ ] **Complete a Governance Review with the Project Reviews subproject** + + + - [ ] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.** 
@@ -190,6 +194,8 @@ Note: this section may be augmented by the completion of a Governance Review fro ## Security +Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. + ### Suggested - [ ] **Complete a joint security assessment with TAG Security and Compliance** From b3bb4345f2da38a175ff8beedeb48056dbe0335a Mon Sep 17 00:00:00 2001 From: Jeremy Rickard Date: Tue, 21 Oct 2025 13:35:35 -0600 Subject: [PATCH 3/5] Update operations/toc-templates/template-dd-pr-incubation.md Co-authored-by: Emily Fox <33327273+TheFoxAtWork@users.noreply.github.com> Signed-off-by: Jeremy Rickard --- operations/toc-templates/template-dd-pr-incubation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/operations/toc-templates/template-dd-pr-incubation.md b/operations/toc-templates/template-dd-pr-incubation.md index 8bb4685c2..a0a493e39 100644 --- a/operations/toc-templates/template-dd-pr-incubation.md +++ b/operations/toc-templates/template-dd-pr-incubation.md @@ -193,7 +193,7 @@ Note: this section may be augmented by the completion of a Governance Review fro ## Security - +Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application. Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. ### Suggested From a3b3005adb003c5a8a1e6951e3018ec7fa3d53f2 Mon Sep 17 00:00:00 2001 From: Jeremy Rickard Date: Tue, 21 Oct 2025 13:38:34 -0600 Subject: [PATCH 4/5] apply suggestion from emily Signed-off-by: Jeremy Rickard --- operations/toc-templates/template-dd-pr-graduation.md | 5 +++-- operations/toc-templates/template-dd-pr-incubation.md | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/operations/toc-templates/template-dd-pr-graduation.md b/operations/toc-templates/template-dd-pr-graduation.md index 43683b668..abd13aa13 100644 
--- a/operations/toc-templates/template-dd-pr-graduation.md +++ b/operations/toc-templates/template-dd-pr-graduation.md @@ -52,7 +52,7 @@ Completion of this due diligence document, resolution of concerns raised, and pr ## Governance and Maintainers -Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject. +Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject if completed as a suggested item prior to application. ### Suggested @@ -208,7 +208,8 @@ N/A ## Security -Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. +Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application. + ### Suggested diff --git a/operations/toc-templates/template-dd-pr-incubation.md b/operations/toc-templates/template-dd-pr-incubation.md index a0a493e39..836992fae 100644 --- a/operations/toc-templates/template-dd-pr-incubation.md +++ b/operations/toc-templates/template-dd-pr-incubation.md @@ -50,7 +50,7 @@ Completion of this due diligence document, resolution of concerns raised, and pr ## Governance and Maintainers -Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject. +Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject if completed as a suggested item prior to application. ### Suggested @@ -193,8 +193,8 @@ Note: this section may be augmented by the completion of a Governance Review fro ## Security + Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application. -Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. ### Suggested 
From eca6acbf808bcb040f7011f8d77ba7eb67e9c20a Mon Sep 17 00:00:00 2001 From: Jeremy Rickard Date: Tue, 28 Oct 2025 09:52:27 -0600 Subject: [PATCH 5/5] Update issue templates Signed-off-by: Jeremy Rickard --- .../template-graduation-application.md | 12 ++++++++++-- .../template-incubation-application.md | 14 ++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/template-graduation-application.md b/.github/ISSUE_TEMPLATE/template-graduation-application.md index 75f3c793b..06cca99f3 100644 --- a/.github/ISSUE_TEMPLATE/template-graduation-application.md +++ b/.github/ISSUE_TEMPLATE/template-graduation-application.md @@ -69,10 +69,14 @@ Completion of this due diligence document, resolution of concerns raised, and pr ## Governance and Maintainers -Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject. +Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject if completed as a suggested item prior to application. ### Suggested +- [ ] **Complete a Governance Review with the Project Reviews subproject** + + + - [ ] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.** 
@@ -217,10 +221,14 @@ Note: this section may be augmented by the completion of a Governance Review fro ## Security -Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. +Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application. ### Suggested +- [ ] **Complete a [joint security assessment](https://tag-security.cncf.io/community/assessments/guide/#joint-assessment) with TAG Security and Compliance** + + + - [ ] **Achieving OpenSSF Best Practices silver or gold badge.** diff --git a/.github/ISSUE_TEMPLATE/template-incubation-application.md b/.github/ISSUE_TEMPLATE/template-incubation-application.md index 227a90f11..1726236d5 100644 --- a/.github/ISSUE_TEMPLATE/template-incubation-application.md +++ b/.github/ISSUE_TEMPLATE/template-incubation-application.md @@ -69,10 +69,14 @@ Completion of this due diligence document, resolution of concerns raised, and pr ## Governance and Maintainers -Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject. +Note: this section may be augmented by the completion of a Governance Review from the Project Reviews subproject if completed as a suggested item prior to application. ### Suggested +- [ ] **Complete a Governance Review with the Project Reviews subproject** + + + - [ ] **Governance has continuously been iterated upon by the project as a result of their experience applying it, with the governance history demonstrating evolution of maturity alongside the project's maturity evolution.** 
@@ -209,13 +213,15 @@ Note: this section may be augmented by the completion of a Governance Review fro ## Security +Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance if completed as a suggested item prior to application. + ### Suggested -N/A +- [ ] **Complete a joint security assessment with TAG Security and Compliance** -### Required + -Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance. +### Required - [ ] **Clearly defined and discoverable process to report security issues.**
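Review bot: In PATCH 5/5, the Security hunk of .github/ISSUE_TEMPLATE/template-graduation-application.md is the only place where the new item links to https://tag-security.cncf.io/community/assessments/guide/#joint-assessment. The same item is plain text in template-incubation-application.md in that patch and in both operations/toc-templates files from PATCH 1/5. That hunk also places the item before "Achieving OpenSSF Best Practices silver or gold badge.", while PATCH 1/5 adds it after that item in template-dd-pr-graduation.md. Suggest using the linked form in all four templates and one item order in the two graduation templates, so the issue template and the due diligence PR template stay comparable.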
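Review bot: The checklist items added in the PATCH 1/5 Security hunks, and repeated in PATCH 2/5 and 5/5, lack the trailing period that neighbouring items carry: "**Complete a joint security assessment with TAG Security and Compliance**" sits beside "**Achieving OpenSSF Best Practices silver or gold badge.**" and "**Clearly defined and discoverable process to report security issues.**". The section note also calls the same activity a "joint-assessment" while the item says "joint security assessment". Suggest adding the period to the new Security and Governance Review items and using one term in both the note and the item.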
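Review bot: PATCH 3/5's hunk in operations/toc-templates/template-dd-pr-incubation.md adds the reworded note under "## Security" while the original "Note: this section may be augmented by a joint-assessment performed by TAG Security and Compliance." remains as a context line, so at that commit the section carries two near-identical notes. PATCH 4/5 then removes the old line. Suggest squashing 3/5 into 4/5 so that no commit in the series leaves the duplicate in the template.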