Analysis and Compliance Strategy for New Cyber Resilience Act #3712
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
sig/k8s-infra
Categorizes an issue or PR as relevant to SIG K8s Infra.
Issue Description:
We need to conduct a thorough analysis of the new Cyber Resilience Act to understand its implications for the Kubebuilder project, particularly in terms of our release process, tooling, and dependencies.
We probably need to start to generate the SBOMs. Also, note that today we use GCP to perform the builds and we have a desire to use only GitHub Actions to do so and no longer need to use GCP.
Areas of Focus:
Current Release Process:
goreleaser for automating releases, triggered by pushing a new tag.
Kubebuilder Tools:
kubebuilder-tools, a binary to assist users with envtest.
Kube-RBAC-Proxy:
kube-rbac-proxy.
kubernetes-sig for a long time
Objectives:
Create a Proposal Design Document:
Develop Compliance Strategies:
Call to Action:
We invite contributors to participate in this analysis and help develop a comprehensive strategy for compliance. Your insights and expertise in our current processes, tooling, and dependencies will be invaluable in navigating these new requirements.
KubeBuilder (CLI) Version
master