outstanding CII bestpractices badge
clux opened this issue · 0 comments
A requirement for later stages of CNCF, but we need to start it for sandbox.
We almost have everything anyway so we should finish it.
Quality
- document common tools for building + enforce FLOSS tools - https://github.com/kube-rs/.github/blob/main/TOOLS.md
- maybe ditch make for just everywhere for consistency (later)
- publish code quality link with >50% coverage - #740 - linked to https://app.codecov.io/gh/kube-rs/kube-rs (which is admittedly a WIP, but covers "most")
- document test requirements for contributions - #745
- provide a way to prove new features have tests - #745
Documented use of common tools is only done in k8s-pb - lift to .github.
Coverage: we are way up there when you account for examples, but these are not run as part of the neglected coverage build. See #578.
Security + Analysis
- need a provable way to show security issues are fixed
- need a provable way to show CI found security issues are responded to - label search
Probably we can just add a security label, and provide a link to an issue search for security issues without the invalid label. Maybe an advanced search link for the 60 day limit as well. Given this link, which filters out invalid-marked ones (I've marked the chrono/time ones).
For avoiding security leaks (while it's not super important to us, it's important for users), we could use the secrecy crate to wrap the sensitive credentials in the kube config, and maybe tower_http::sensitive_headers for transport if it's helpful.
EDIT: avoiding security leaks is actually not related to this badge, going to move it to a separate issue.
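As an added example (not kube-rs code, and not part of the issue above), here is the pattern the secrecy crate provides, written as a std-only newtype so it runs with no dependencies: a `SecretString` that redacts itself in Debug output and wipes its buffer on drop, a kubeconfig-shaped `AuthInfo` that derives Debug safely because of it, and a `redact_headers` helper that does for a request log what tower_http's sensitive-headers marking does for its logging middleware. `SecretString`, `AuthInfo`, `redact_headers` and the sample token are assumptions constructed for this example, not APIs of secrecy, tower_http or kube-rs.

```rust
use std::fmt;

/// Hypothetical stand-in for `secrecy::Secret<String>` (assumption: not the real crate).
/// The wrapped value is reachable only through `expose_secret`, so it cannot leak via
/// `{:?}` formatting of a config struct that contains it.
pub struct SecretString(String);

impl SecretString {
    pub fn new(s: impl Into<String>) -> Self {
        SecretString(s.into())
    }

    /// Explicit accessor: every read of the secret is a greppable call site.
    pub fn expose_secret(&self) -> &str {
        &self.0
    }
}

impl fmt::Debug for SecretString {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret([REDACTED])")
    }
}

impl Drop for SecretString {
    fn drop(&mut self) {
        // Best-effort wipe before the buffer is freed (the zeroize crate does this with more care).
        // SAFETY: writing zero bytes keeps the buffer valid UTF-8.
        for b in unsafe { self.0.as_bytes_mut() } {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
    }
}

/// Shape of the credential part of a kubeconfig user entry (constructed for this example).
/// Derived Debug prints the non-secret field normally and redacts the wrapped ones.
#[derive(Debug)]
pub struct AuthInfo {
    pub username: Option<String>,
    pub token: Option<SecretString>,
    pub client_key_data: Option<SecretString>,
}

/// Transport side: redact the values of headers named in `sensitive` (case-insensitive)
/// before a request is logged. This helper is an assumption for the example; tower_http
/// instead marks such headers as sensitive so its own logging layers skip their values.
pub fn redact_headers(headers: &[(String, String)], sensitive: &[&str]) -> Vec<(String, String)> {
    headers
        .iter()
        .map(|(name, value)| {
            let is_sensitive = sensitive.iter().any(|s| s.eq_ignore_ascii_case(name));
            let shown = if is_sensitive { "[REDACTED]".to_string() } else { value.clone() };
            (name.clone(), shown)
        })
        .collect()
}

fn main() {
    // Constructed sample: a bearer token that must not reach logs.
    let auth = AuthInfo {
        username: Some("admin".into()),
        token: Some(SecretString::new("eyJhbGciOiJSUzI1NiJ9.sample")),
        client_key_data: None,
    };
    println!("{auth:?}");

    let headers = vec![
        ("Authorization".to_string(), format!("Bearer {}", auth.token.as_ref().unwrap().expose_secret())),
        ("Accept".to_string(), "application/json".to_string()),
    ];
    for (name, value) in redact_headers(&headers, &["authorization", "cookie"]) {
        println!("{name}: {value}");
    }
}
```

The point of the newtype is that the leak-prone path (a `{:?}` of the whole config in an error message or tracing span) is closed by the type, while the one legitimate read path stays explicit; the header helper closes the same gap on the wire-logging side.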