Update our release documentation with new SSDLC-related stuff

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Major - P3
    • 100.11.0
    • Affects Version/s: None
    • Component/s: None
    • None
    • 3
    • TAR 2024-08-19
    • Tools and Replicator
    • 0.5
    • Not Needed

      Problem

      See design doc for details.

      Solution & Acceptance Criteria

      This should cover the following topics:

      • How to fill out the SSDLC report template.
      • How to generate the SBOM augmented file for the release.
      • The SBOM augmented file should be merged back to the main branch after release
      • How to determine that we’ve met our SLA regarding issues found via third-party vulnerability and static analysis scanning.
      • How to generate the SARIF file for the release using gosec.
      • Add documentation of who is allowed to release the project.
        • In our case this is "all engineers on the Tools and Replicator" team.

      We also need this to include some information about our development practices, per our SSDLC Policy.

            Assignee:
            Dave Rolsky
            Reporter:
            Dave Rolsky
            Craven Huynh (Inactive), Jian Guan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: