Comments (10)
I think the following tasks are already done:
- Check for Binary Artifacts (task 8) (no binaries found in the repo)
- Review the code review (task 9) (all changesets reviewed)
- Dangerous Workflow (task 10) (no dangerous workflow patterns detected)
- Dependency update tool (task 13) (update tool detected, dependabot)
I think the following tasks are still missing something:
- Token Permissions (task 16)
What do you think about publishing the OpenVEX data with the remaining release artifacts?
@SD-13 do you mind if I assign Ensure SBOMs are generated by Kubernetes BOM (task 3) to me?
from kube-state-metrics.
@ricardoapl Please feel free to assign it to you!
/triage accepted
I'd like to tackle Task 7!
Please take a look at the CLOMonitor .yaml PR here:
cncf/clomonitor#1380
Thank you!
Hey @mrueg @dgrisonnet @rexagod I want to know whether kube-state-metrics is generating SBOM as part of the release pipeline. Where to look for the release pipeline?
I looked into adding the OpenSSF Best Practices badge to the README, but I think a maintainer would need to first request the badge at https://www.bestpractices.dev/
> Hey @mrueg @dgrisonnet @rexagod I want to know whether kube-state-metrics is generating SBOM as part of the release pipeline. Where to look for the release pipeline?

We're currently not generating it. The release process is documented here: https://github.com/kubernetes/kube-state-metrics/blob/main/RELEASE.md
If this is something that can be attached to a GitHub release, it should be triggered by a release creation and ideally execute a GitHub action that attaches the SBOM.
I think https://github.com/advanced-security/gh-sbom (SBOM generation) coupled with https://github.com/anchore/sbom-action (SBOM pushes) should help accomplish the SBOM workflow.
FYI Appended some open questions to the issue description.