Add sig-security-assessments sub-project

[PushkarJ]

Sub-project has now been identified: kubernetes/sig-security#48

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[PushkarJ]

/unhold

(kubernetes/sig-security#48 is merged)

[PushkarJ]

/cc @aladewberry please take a look and if all looks good please comment with /lgtm

[PushkarJ]

/remove-lifecycle stale
/cc aladewberry

[aladewberry]

/lgtm

[aladewberry]

Yay! Thank you everyone for your help!!!

[PushkarJ]

/assign tabbysable iancoldwater

(For /approve to officially make an entry about this subproject in k/community)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aladewberry, PushkarJ
To complete the pull request process, please assign dims after the PR has been reviewed.
You can assign the PR to them by writing /assign @dims in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[aladewberry]

/assign @dims

[tabbysable]

This feels like it's tying the subproject pretty closely to the history of the CAPI assessment; WDYT about creating a new slack channel for a fresh history and more general focus?.

As we figure out the long-term workflows for self-assessments we can come back and update things as necessary.

[mrbobbytables]

I would also +1 avoid tying it directly to capi. If the channel has the right folk in it, could just rename it to be more generic.

[aladewberry]

Thanks @tabbysable and @mrbobbytables ! I'll have a look at the slack channel to see its content. If it's general enough, I'll plan to rename. Otherwise I'll make a new one.

If I were to rename the channel, is there a process I need to go through for doing that? Or just rename it and submit a PR to update the README?

[PushkarJ]

IMO, new channel (#sig-security-assessments) makes sense since the discussion in current channel was very specific to Cluster API.

That channel can act as root node of security assessments sub-project (from thought exercise perspective) that can branch out to new channels that are project specific. e.g.

sig-security
- sig-security-assessments
-- sig-security-assess-capi
-- sig-security-assess-csi-driver

If we decide to go this route,

• Link to request new channel is here

• Example pull request that was successfully completed to create a new slack channel can be found here: New channel for security assessment of cluster api #5792

[aladewberry]

Awesome - I came to the same conclusion reading the channel on Friday - new channel for the root node! Do I need to get any further approval to go ahead and request the new channel, or just have at it and get it stood up?

[aladewberry]

Just requested a new channel! #6722

[dims]

@PushkarJ please let me know when this is ready

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[PushkarJ]

/remove-lifecycle stale

(Will update channel name soon)

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[aladewberry]

/remove-lifecycle stale

[tabbysable]

/hold We can close this once #7221 merges, it's functionally a duplicate.

[k8s-ci-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[PushkarJ]

Since #7221 has merged

/close

[k8s-ci-robot]

@PushkarJ: Closed this PR.

In response to this:

Since #7221 has merged

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.