OpenSSF Technology Consumption Architecture for Dependency Management #17
…#16)
* Create readme.md Signed-off-by: Dana Wang <[email protected]>
* Add files via upload Signed-off-by: Dana Wang <[email protected]>
* Create consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Delete architecture directory Signed-off-by: Dana Wang <[email protected]>
* Create readme.md Signed-off-by: Dana Wang <[email protected]>
* Update readme.md Signed-off-by: Dana Wang <[email protected]>
* Add files via upload Signed-off-by: Dana Wang <[email protected]>
* Create consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Create consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Delete architecture/architecture directory Signed-off-by: Dana Wang <[email protected]>
* Add files via upload Signed-off-by: Dana Wang <[email protected]>
* Add files via upload Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Add files via upload Signed-off-by: Dana Wang <[email protected]>
* Add files via upload Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Delete architecture/images/OpenSSF Practitioner Framework _Synopsys_OSSRA_Codebase .jpg Signed-off-by: Dana Wang <[email protected]>
* Delete architecture/images/OpenSSF Practitioner Framework _Synopsys_OSSRA_Codebase.jpg Signed-off-by: Dana Wang <[email protected]>
* Delete architecture/images/OpenSSF Practitioner Framework _Synopsys_OSSRA_Vuln.jpg Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
* Update consumption-architecture-dependency-management.md Signed-off-by: Dana Wang <[email protected]>
---------
Signed-off-by: Dana Wang <[email protected]>
updated image path to be relative Signed-off-by: Dana Wang <[email protected]>
This looks really good, content-wise. From a presentation standpoint, the headings throw me off a bit because as a reader, I don't immediately see how to answer the questions the document says I have. One suggestion would be to organize the sections to match the three use cases in the "Intended Audience" section. Something like
Alternatively, that h1 could go away and the h2s could become h1s. I'd be happy to put together a draft if you'd find that helpful.
Thank you @funnelfiasco for taking the time. I'm very grateful that you are willing to update the document, and would love to see the new content structure.
This is awesome work @Danajoyluck! Software supply chain security is a difficult landscape to navigate. Your map 🗺️ will ease that journey for folks new to the space. 🙌
It might be good to have a different color scheme between OpenSSF Technology Lifecycle Stages and OpenSSF Technology Adoption. For folks familiar with the projects, it's a bit easier to know when the diagrams are referring to a project's lifecycle stage, but that could be harder for newcomers.
Thank you @jkjell for spending time on this. I mapped the technology adoption purposely with the lifecycle for people who are not familiar with the OpenSSF TI lifecycle. I'll talk to you about how we make it more clear.
Co-authored-by: John Kjell <[email protected]> Signed-off-by: Dana Wang <[email protected]>
Update for Davi's review feedback. Signed-off-by: Dana Wang <[email protected]>
Updated the diagrams for RSTUF. Signed-off-by: Dana Wang <[email protected]>
Signed-off-by: Dana Wang <[email protected]>
Hi @Danajoyluck 🎉
That is amazing work; I added some suggestions.
Co-authored-by: Kairo Araujo <[email protected]> Signed-off-by: Dana Wang <[email protected]>
Co-authored-by: Kairo Araujo <[email protected]> Signed-off-by: Dana Wang <[email protected]>
Thank you @kairoaraujo for the updates, very much appreciated!
@Danajoyluck I put my suggestions in a gist. There's probably a lot of polish needed, but it generally just re-organizes things to match the three questions the doc is intended to answer. I hope this is useful. Happy to talk through my choices if you'd like.
This document captures technologies that are hosted in OpenSSF and some technologies in CNCF. The technical stack in this document demonstrates how OSS security technologies make the software supply chain more secure through dependency management.
The goals of this document are:
To help open source producers quickly navigate the OSS security technology landscape, and discover, adopt and contribute to technical initiatives.
To provide an easy model for our end-user organizations, large and small, to have a framework/reference architecture to help them think about adopting OpenSSF technical projects and guidance.