Translation of Cloud Native Security White Paper(Chinese) #470 #471
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
babysor
requested review from
dshaw,
JustinCappos,
lumjjb,
pragashj,
TheFoxAtWork and
ultrasaurus
as code owners
rootsongjc
reviewed
Nov 29, 2020
security-whitepaper/cloud-native-security-whitepaper-simple-chinese.md
Outdated
Show resolved
Hide resolved
rootsongjc
reviewed
Nov 29, 2020
security-whitepaper/cloud-native-security-whitepaper-simple-chinese.md
Outdated
Show resolved
Hide resolved
rootsongjc
reviewed
Nov 29, 2020
security-whitepaper/cloud-native-security-whitepaper-simple-chinese.md
Outdated
Show resolved
Hide resolved
|
@rootsongjc @babysor #### 加密
对容器镜像进行加密,从而保证镜像内容的机密性。加密后,以确保它们从构建到运行前都是密文态。当加密镜像分发后受到破解,制品库中存储的镜像仍然是加密的,这有助于保护商业机密或其他保密材料等。
容器镜像加密的另一个常见用途是容器镜像授权的增强。当镜像加密与密钥证明管理和/或授权、认证发布等相结合时,可以要求容器镜像只能在特定平台上运行。容器镜像授权也适合保证合规性,例如地理限制、出口管控和数字版权媒体管理。 |
可以使用这个翻译替换下。 |
|
Thanks @babysor , @rootsongjc, @Gsealy! This is really great! I think that if there is a consensus among the 3 of you that it is good, then we can go ahead and approve this. I would add a couple asks:
|
knwng
reviewed
Dec 1, 2020
security-whitepaper/cloud-native-security-whitepaper-simple-chinese.md
Outdated
Show resolved
Hide resolved
hbrls
reviewed
Dec 2, 2020
security-whitepaper/cloud-native-security-whitepaper-simple-chinese.md
Outdated
Show resolved
Hide resolved
hbrls
reviewed
Dec 2, 2020
security-whitepaper/cloud-native-security-whitepaper-simple-chinese.md
Outdated
Show resolved
Hide resolved
hbrls
reviewed
Dec 2, 2020
|
|
||
| ## 云原生目标 | ||
|
|
||
| 容器和微服务架构的采用和革新带来了不少挑战。在现代化组织中,减少网络安全漏洞的需求优先级已经成明显趋势地攀升。同时,随着围绕云应用的创新加速,新的威胁状况也在增加。安全领导层需要通过采取预防、检测和应对网络威胁等措施、满足严格的合规要求,来完成他们身上背负的“保护包括人力 [4] 和非人力资产”任务。然而,有个常见的旧说法,指责这些安全措施阻碍了 DevOps 团队的速度和敏捷性。因此,安全领导层必须搭建起更紧密的集成和互相理解的通道,在为 DevOps 团队赋能更多的同时,使得其能有共同抵御网络风险的责任心。 |
There was a problem hiding this comment.
这里应该指组织内的安全leaders(例如CSO)吧
There was a problem hiding this comment.
因为段落的第二句说了 “在现代化的组织中”,我读下来是在这个scope内的,你觉得呢?
hbrls
reviewed
Dec 2, 2020
security-whitepaper/cloud-native-security-whitepaper-simple-chinese.md
Outdated
Show resolved
Hide resolved
hbrls
reviewed
Dec 2, 2020
security-whitepaper/cloud-native-security-whitepaper-simple-chinese.md
Outdated
Show resolved
Hide resolved
hbrls
reviewed
Dec 10, 2020
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Show resolved
Hide resolved
added 2 commits
December 10, 2020 18:54
hbrls
suggested changes
Dec 11, 2020
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
security-whitepaper/cloud-native-security-whitepaper-simplified-chinese.md
Outdated
Show resolved
Hide resolved
|
|
||
| #### 仓库隔离 | ||
|
|
||
| 由于使用的开放源码组件往往是从公共来源中提取的。各组织应在其流水线中,创建不同阶段的仓库。只有已授权的开发人员才能访问公共仓库和拉动基础镜像,然后将其存储在内部仓库中,以便在组织内部广泛使用。此外,还建议有单独的私有仓库,用于保存每个团队或小组的开发工件,最后还有一个暂存或预生产仓库,用于准备生产的镜像。这样可以对开源组件的来源和安全性进行更严格的控制,同时可以对 CI/CD 的各个阶段进行不同类型的测试。 |
|
Once we are 90% there we can merge it in and it will be a living document and we can update it as we go. Any thoughts on where we are on this? There's a lot of good work already in this, would like to merge it soon if we think it's ready so we can share it to a wider audience! |
lumjjb
approved these changes
Feb 26, 2021
There was a problem hiding this comment.
LGTM! This looks really good and looking forward to sharing this with the rest of the community!
Big thank you to everyone! @rootsongjc, @N3erox0, @cafra, @aiaicaow, @hbrls, @Losery, @knwng, @babysor, @gtb-togerther, @dwctua
A couple minor things, which can be included in this PR or a separate one:
- Add a link in https://github.com/cncf/sig-security/blob/master/security-whitepaper/README.md for the translation
- Add a reference to the version of the whitepaper used for translation. The current version is 1.1. Can link to the version in the commit https://github.com/cncf/sig-security/blob/017e77ff380e303d80adb78e60a1f262e80df0e8/security-whitepaper/cloud-native-security-whitepaper.md
ashutosh-narkar
approved these changes
Feb 26, 2021
21 tasks
3 tasks
12 tasks
Michael-Susu12138
pushed a commit
to Michael-Susu12138/tag-security
that referenced
this pull request
Dec 12, 2023
…ncf#471) * Translation of Cloud Native Security White Paper(Chinese) cncf#470 * Re-format according to review * Skip translation of author names, and use translation from @Gsealy! * Remove duplicate and fix some nits * remove duplicate * fix nits Co-authored-by: Emily Fox <33327273+TheFoxAtWork@users.noreply.github.com> Co-authored-by: Vega Chen <babysor> Co-authored-by: Brandon Lum <lumjjb@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
According to proposal #470 , we conducted a Chinese translation and review of Cloud Native Security White Paper. Thanks to the amazing teamwork and Jimmy's initiating.