This repository has been archived by the owner on Feb 4, 2021. It is now read-only.
We launched ChartCenter with vulnerability scanning from JFrog Xray and quickly realized that most charts have some components (and base layers inside containers) with vulnerabilities. These components are widely used and show up in many Helm chart dependencies.
Our goal is to work with Helm chart maintainers on creating safer charts moving forward. We’ve already had great discussions with partners on the value of seeing this information in one place, but they also had concerns about not having the correct level of control in mitigating issues - especially on the ChartCenter UI. We decided to build out a way for chart maintainers to provide “maintainer notes” and an overall “mitigation summary”. You can see how that works here.
Our next goal is to understand how to improve this feature. We’re considering creating a login experience where chart maintainers will have a dedicated portal on ChartCenter where they can log in and see a full list of vulnerabilities (high severity issues to low and unknown issues) and be able to tag CVE IDs inside the GUI to provide their notes. This feature is all about opening up the conversation between Helm chart users and Helm chart creators and making the community safer for all.
Proposal Details
Chart Maintainers should be able to:
Visit ChartCenter and be able to Create a Username if you have a chart on the center
Be able to login and see the full scan that JFrog Xray provides for public vulnerabilities
Be able to see high, medium, low, and unknown severities using the CVSS v2 ratings
Be able to tag CVE IDs in the UI and set a chart range
Be able to tag CVE IDs in the UI and set an application range
Be able to see statistics / graph view of security over time
Should the authenticated login also be able to support chart/repo inclusion?
The ability to toggle high severity issues on/off so there is time to mitigate.
Additional considerations
What else would you like to see in an authenticated login experience regarding security and mitigation on ChartCenter?