Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSF Technology Consumption Architecture for Dependency Management #17

Merged
merged 8 commits into from
Aug 14, 2024

Conversation

Danajoyluck
Copy link
Contributor

This document captures technologies that are hosted in OpenSSF and some technologies in CNCF. The technical stack in this document demonstrates how OSS security technologies make software supply chain more secure through dependency management.

The goals of this document are:
To help open source producers quickly navigate the OSS security technology landscape, discover, adopt and contribute to technical initiatives.
To provide an easy model for our end user organizations large and small to have a framework/reference architecture to help them think about adopting OpenSSF technical projects and guidance.

…#16)

* Create readme.md

Signed-off-by: Dana Wang <[email protected]>

* Add files via upload

Signed-off-by: Dana Wang <[email protected]>

* Create consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Delete architecture directory

Signed-off-by: Dana Wang <[email protected]>

* Create readme.md

Signed-off-by: Dana Wang <[email protected]>

* Update readme.md

Signed-off-by: Dana Wang <[email protected]>

* Add files via upload

Signed-off-by: Dana Wang <[email protected]>

* Create consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Create consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Delete architecture/architecture directory

Signed-off-by: Dana Wang <[email protected]>

* Add files via upload

Signed-off-by: Dana Wang <[email protected]>

* Add files via upload

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Add files via upload

Signed-off-by: Dana Wang <[email protected]>

* Add files via upload

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Delete architecture/images/OpenSSF Practitioner Framework _Synopsys_OSSRA_Codebase .jpg

Signed-off-by: Dana Wang <[email protected]>

* Delete architecture/images/OpenSSF Practitioner Framework _Synopsys_OSSRA_Codebase.jpg

Signed-off-by: Dana Wang <[email protected]>

* Delete architecture/images/OpenSSF Practitioner Framework _Synopsys_OSSRA_Vuln.jpg

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

* Update consumption-architecture-dependency-management.md

Signed-off-by: Dana Wang <[email protected]>

---------

Signed-off-by: Dana Wang <[email protected]>
updated image path to be relative

Signed-off-by: Dana Wang <[email protected]>
@funnelfiasco
Copy link
Contributor

This looks really good, content-wise. From a presentation standpoint, the headings throw me off a bit because as a reader, I don't immediately see how to answer the questions the document says I have. One suggestion would be to organize the sections to match the three use cases in the "Intended Audience" section. Something like

# OpenSSF projects (instead of "Open Source Software Dependency Management")

## Producing secure open source

## Consuming secure open source

## Contributing to OpenSSF projects

Alternatively, that h1 could go away and the h2s could become h1s. I'd be happy to put together a draft if you'd find that helpful.

@Danajoyluck
Copy link
Contributor Author

This looks really good, content-wise. From a presentation standpoint, the headings throw me off a bit because as a reader, I don't immediately see how to answer the questions the document says I have. One suggestion would be to organize the sections to match the three use cases in the "Intended Audience" section. Something like

# OpenSSF projects (instead of "Open Source Software Dependency Management")

## Producing secure open source

## Consuming secure open source

## Contributing to OpenSSF projects

Alternatively, that h1 could go away and the h2s could become h1s. I'd be happy to put together a draft if you'd find that helpful.

Thank you @funnelfiasco for taking the time.... I'm very grateful that you are willing to update the document, and would love to see the new content structure.

Copy link
Member

@jkjell jkjell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is awesome work @Danajoyluck! Software supply chain security is a difficult landscape to navigate. Your map 🗺️ will ease that journey for folks new to the space. 🙌

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be good to have a different color scheme between OpenSSF Technology Lifecycle Stages and OpenSSF Technology Adoption. For folks familiar with the projects, it's a bit easier to know when the diagrams are referring to a project's lifecycle stage but, that could be harder for newcomers.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @jkjell for spending time on this ......I mapped the technology adoption purposely with the lifecycle for people who are not familiar with OpenSSF TI lifecycle. I'll talk to you about how we make it more clear.

Danajoyluck and others added 4 commits August 1, 2024 08:44
Update for Davi's review feedback. 

Signed-off-by: Dana Wang <[email protected]>
Updated the diagrams for RSTUF.

Signed-off-by: Dana Wang <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
@Danajoyluck Danajoyluck added the documentation Improvements or additions to documentation label Aug 1, 2024
Copy link
Contributor

@kairoaraujo kairoaraujo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Danajoyluck 🎉
That is an amazing work, I added some suggestions

@Danajoyluck
Copy link
Contributor Author

Thank yoo @kairoaraujo for the updates, very much appreciate it!

@funnelfiasco
Copy link
Contributor

@Danajoyluck I put my suggestions in a gist. There's probably a lot of polish needed, but it generally just re-organizes things to match the three questions the doc is intended to answer.

I hope this is useful. Happy to talk through my choices if you'd like

@eddie-knight eddie-knight merged commit 97d50fa into main Aug 14, 2024
1 check passed
@eddie-knight eddie-knight deleted the architecture branch August 14, 2024 15:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation
Projects
None yet
7 participants