Update self-assesment, security-insights, and security.md file for pa…

…ssing CLOMonitor checks ## Description of the changes Updating security files with more details to enable passing CLOMonitor checks. ## How was this change tested? Testing not needed, text only ## Checklist - [X] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [X] I have signed all commits - [Not Needed] I have added unit tests for the new functionality - [Not Needed] I have run lint and test steps successfully --------- Signed-off-by: Jonah Kowall <[email protected]> Co-authored-by: Yuri Shkuro <[email protected]> Co-authored-by: Matthieu MOREL <[email protected]>
jaegertracing · Nov 3, 2023 · b3cb6c7 · b3cb6c7
1 parent ba5cef5
commit b3cb6c7
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 7 deletions.
diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml
@@ -62,3 +62,5 @@ dependencies:
     sbom-url: https://github.com/anchore/sbom-action 
   dependencies-lifecycle:
     policy-url: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md#security-patch-policy
+  env-dependencies-policy:
+    policy-url: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md#dependency-policy
diff --git a/SECURITY.md b/SECURITY.md
@@ -10,7 +10,7 @@ Security fixes are given priority and might be enough to cause a new version to
 
 CVEs in Jaeger code will be patched in the newest Jaeger releases. 
 
-### Dependencies Lifecycle Policy
+### Dependency Policy
 
 Dependencies are evaluated before being introduced to ensure they:
 

diff --git a/SELF-ASSESMENT.md b/SELF-ASSESMENT.md
@@ -1,9 +1,9 @@
-# Jaeger Self-Assessment
-
-This is a placeholder document for the Jaeger project self-assessment. More details of what this will turn into can be found in the [TAG-Security documented standards.](https://github.com/cncf/tag-security/blob/main/assessments/guide/self-assessment.md) 
+# Self-assessment
+
+# Self-assessment outline
+
+## Table of contents
 
-## Table of Contents
-
 * [Metadata](#metadata)
   * [Security links](#security-links)
 * [Overview](#overview)
@@ -17,4 +17,30 @@ This is a placeholder document for the Jaeger project self-assessment. More deta
 * [Project compliance](#project-compliance)
 * [Secure development practices](#secure-development-practices)
 * [Security issue resolution](#security-issue-resolution)
-* [Appendix](#appendix)## Table of Contents
+* [Appendix](#appendix)
+
+## Metadata
+
+|   |  |
+| -- | -- |
+| Software | https://github.com/jaegertracing/jaeger/  |
+| Security Provider | No  |
+| Languages | Go |
+| SBOM | [Software bill of materials](https://github.com/jaegertracing/jaeger/releases/latest/download/jaeger-SBOM.spdx.json) |
+| | |
+
+### Security links
+
+Provide the list of links to existing security documentation for the project. You may
+use the table below as an example:
+| Doc | url |
+| -- | -- |
+| Security file | https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md |
+
+## Overview
+
+See [README](https://github.com/jaegertracing/jaeger/#jaeger---a-distributed-tracing-system)
+
+### Background
+
+See [README](https://github.com/jaegertracing/jaeger/#jaeger---a-distributed-tracing-system)