|
5 | 5 | 1. What work did the WG do this year that should be highlighted?
|
6 | 6 | For example, artifacts, reports, white papers produced this year.
|
7 | 7 |
|
8 |
| - - |
9 |
| - - |
10 |
| - - |
| 8 | + - CR for PolicyReport being used more widely in other projects and by end users |
| 9 | + - 2 whitepapers released |
| 10 | + - 2 KubeCon talks NA + EU |
11 | 11 |
|
12 | 12 | 2. What initiatives are you working on that aren't being tracked in KEPs?
|
13 | 13 |
|
14 |
| - - |
15 |
| - - |
16 |
| - - |
| 14 | + - We are discussing a KEP for the PolicyReport CR but still pending |
| 15 | + - Feedback from some of the sig leadership recommend NOT doing a KEP but just hosting the code in sig-auth or sig-security namespace |
| 16 | + - Outside of that there has been a lot of community interest, and workgroup effort spent, on control mapping |
| 17 | + and control-as-code implementation, eg OSCAL, that might be better served moved into its own workgroup or a |
| 18 | + sandbox project |
17 | 19 |
|
18 | 20 | ## Project health
|
19 | 21 |
|
20 | 22 | 1. What's the current roadmap until completion of the working group?
|
21 | 23 |
|
22 |
| - - |
23 |
| - - |
24 |
| - - |
| 24 | + - Once the CR KEP is submitted or the sig decides yea or nay, we anticipate winding down the WG unless the community asks for new prototypes |
| 25 | + - There seems limited/no interest in a corresponding CR for policy inputs/profiles |
| 26 | + - One option is that many of the attendees are interested in compliance, so maybe a sig-security compliance WG is a follow on |
| 27 | + - Also several of the concrete policy implementations can be carried over to SLEDGEHammer (which will be submitting a Sandbox application) |
25 | 28 |
|
26 | 29 | 2. Does the group have contributors from multiple companies/affiliations?
|
27 |
| - |
28 |
| - - |
| 30 | + - Yes (RedHat, IBM. Kyverno, Google, Fairwinds, Defense Unicorns, others) |
29 | 31 |
|
30 | 32 | 3. Are there ways end users/companies can contribute that they currently are not?
|
31 | 33 | If one of those ways is more full time support, what would they work on and why?
|
32 |
| - |
33 |
| - - |
34 |
| - - |
| 34 | + - Maintaining the PolicyReport API code |
| 35 | + - Building out more PolicyReport API client code and examples |
| 36 | + - Contributing more concrete policy library content (SLEDGEHammer will be committed to this) |
| 37 | + - There is considerable interest in continuing the governance and assessment and lifecycle of policy and controls, |
| 38 | + however as these necessarily cross boundaries, it seems like something that should either be re-homed to sig-security, |
| 39 | + and/or hosted in a CNCF-level workgroup and/or moved into a relevant sandbox CNCF project |
35 | 40 |
|
36 | 41 | ## Membership
|
37 | 42 |
|
38 |
| -- Primary slack channel member count: |
39 |
| -- Primary mailing list member count: |
40 |
| -- Primary meeting attendee count (estimated, if needed): |
41 |
| -- Primary meeting participant count (estimated, if needed): |
| 43 | +- Primary slack channel member count: 360 |
| 44 | +- Primary mailing list member count: 139 |
| 45 | +- Primary meeting attendee count (estimated, if needed): ~8 |
| 46 | +- Primary meeting participant count (estimated, if needed): ~6 |
42 | 47 |
|
43 | 48 | Include any other ways you measure group membership
|
44 | 49 |
|
45 | 50 | ## Operational
|
46 | 51 |
|
47 | 52 | Operational tasks in [wg-governance.md]:
|
48 | 53 |
|
49 |
| -- [ ] [README.md] reviewed for accuracy and updated if needed |
50 |
| -- [ ] WG leaders in [sigs.yaml] are accurate and active, and updated if needed |
51 |
| -- [ ] Meeting notes and recordings for 2022 are linked from [README.md] and updated/uploaded if needed |
52 |
| -- [ ] Updates provided to sponsoring SIGs in 2022 |
53 |
| - - [$sig-name](https://git.k8s.io/community/$sig-id/) |
54 |
| - - links to email, meeting notes, slides, or recordings, etc |
55 |
| - - [$sig-name](https://git.k8s.io/community/$sig-id/) |
56 |
| - - links to email, meeting notes, slides, or recordings, etc |
57 |
| - - |
| 54 | +- [X] [README.md] reviewed for accuracy and updated if needed |
| 55 | +- [X] WG leaders in [sigs.yaml] are accurate and active, and updated if needed |
| 56 | +- [X] Meeting notes and recordings for 2022 are linked from [README.md] and updated/uploaded if needed |
| 57 | +- [X] Updates provided to sponsoring SIGs in 2022 |
| 58 | + - [sig-auth](https://git.k8s.io/community/sig-auth/) |
| 59 | + - TODO: JIM: links to email, meeting notes, slides, or recordings, etc |
58 | 60 |
|
59 | 61 | [wg-governance.md]: https://git.k8s.io/community/committee-steering/governance/wg-governance.md
|
60 | 62 | [README.md]: https://git.k8s.io/community/wg-policy/README.md
|
|
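Review bot: the added line 59 still reads "TODO: JIM: links to email, meeting notes, slides, or recordings, etc" while its parent item on line 57, "Updates provided to sponsoring SIGs in 2022", is already checked [X]. Either replace the TODO with the actual links before merging or leave that box unchecked until they exist. The answer on lines 8-10 has a similar gap: it lists "2 whitepapers released" and "2 KubeCon talks NA + EU" without titles or links, although the question asks for artifacts, so naming and linking them would let readers verify the report. Minor wording: line 30 has a period where a comma is meant in "IBM. Kyverno", and on line 15 "recommend" should agree with "Feedback" ("recommends").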