Re: security & CNCF projects

Shubhra Kar

Essentially we want them to create LFIDs to grant access.


On Tue, Feb 16, 2021, 10:05 AM Vasu Naidu <vnaidu@...> wrote:

Thanks Stephen.


We have granted access to given access to stefan@....


We are unable to find accounts for hidde@... and michael@... .






From: Stephen Augustus <hey@...>
Date: Tuesday, February 16, 2021 at 9:52 AM
To: Shubhra Kar <skar@...>
Cc: Alexis Richardson <alexis@...>, Vasu Naidu <vnaidu@...>, St Leger, Jim <>, Chris Aniszczyk <caniszczyk@...>, Pranab Bajpai (pbajpai@...) <pbajpai@...>, Alexis Richardson via cncf-toc <cncf-toc@...>
Subject: Re: [cncf-toc] security & CNCF projects

As I understand it, holds the aggregate maintainers for CNCF project.


-- Stephen


On Tue, Feb 16, 2021 at 12:46 PM Shubhra Kar <skar@...> wrote:

I would suggest we add access for all the maintainers of the project and anyone on the governance committees (example TSCs).


Do you maintain a file or better for us to just scan the repos and find the contributors ?

Kind Regards,


Shubhra Kar

CTO and GM of Products and IT

tweet: @shubhrakar



On Tue, Feb 16, 2021 at 9:10 AM Alexis Richardson <alexis@...> wrote:

thanks, how do I share these with the flux maintainers and community


On Tue, Feb 16, 2021 at 4:59 PM Vasu Naidu <vnaidu@...> wrote:

Hi Alexis,


You should have access to the security reports of the flux project. Please let me know if you have any questions.






From: St Leger, Jim <>
Date: Tuesday, February 16, 2021 at 7:06 AM
To: Chris Aniszczyk <
caniszczyk@...>, alexis richardson <alexis@...>, Pranab Bajpai (pbajpai@...) <pbajpai@...>, Vasu Naidu (vnaidu@...) <vnaidu@...>
Cc: Alexis Richardson via cncf-toc <
Subject: RE: [cncf-toc] security & CNCF projects

+ Pranab and Vasu (product/eng leads on LFX I believe.)




From: cncf-toc@... <cncf-toc@...> On Behalf Of Chris Aniszczyk
Sent: Tuesday, February 16, 2021 7:13 AM
To: alexis richardson <alexis@...>
Cc: Alexis Richardson via cncf-toc <cncf-toc@...>
Subject: Re: [cncf-toc] security & CNCF projects


I'll follow up Alexis on the ticket but it's just white labeled 


If you are already using, say Snyk via github action ( you won't see anything new (which is available for open source projects).


On Tue, Feb 16, 2021 at 3:54 AM alexis richardson <alexis@...> wrote:

Hi all


Has anyone looked at this? 


How do we see project data?  I wanted to take a look at flux.  I had to create a login.  Then, I had to "request" a view, which turned out to mean filing a JIRA ticket.  Since then, tumbleweed.


Can we have something more open & useful please?







Chris Aniszczyk (@cra)

Join to automatically receive all group messages.