Essentially we want them to create LFIDs to grant access. Shubhra

Thanks Stephen. We have granted access to given access to stefan@.... We are unable to find accounts forhidde@... and michael@... . Regards, Vasu From:Stephen Augustus

Hi Alexis, You should have access to the security reports of the flux project. Please let me know if you have any questions.

As I understand it, https://maintainers.cncf.io/ holds the aggregate maintainers for CNCF project. For flux, specifically: https://github.com/fluxcd/flux/blob/master/MAINTAINERS -- Stephen

I would suggest we add access for all the maintainers of the project and anyone on the governance committees (example TSCs). Do you maintain a maintainers.md file or better for us to just scan the

thanks, how do I share these with the flux maintainers and community

Yes, please. To your general point -- I have a view that if Snyk (or similar) offers a free scanning service to CNCF projects, then the community should benefit. These are completely standard

Jim, We are looking into, let me get back to you with an update. Regards, Vasu --- Sr. Director, Head Of Engineering Cell: 1.408.420.0404 Slack:@Vasu From:St Leger, Jim

That depends on your viewpoint, the maintainers ideally should make that call per project based on whatever security process they have in place for the project. You can have a view that maintainers

I see. Well, I'm not. This info should be open to all, without any barriers whatsoever

I think what Chris means is that if you are already scanning with Snyk, then you won't see anything different in the LFX feed.

Apologies - will miss TOC liaison discussion today. No electricity or water in my area. No/limited cellular. Hoping this message catches a signal before tomorrow’s call. -Lee

+ Pranab and Vasu (product/eng leads on LFX I believe.) Jim

Thanks Chris It would be great if this data was readily accessible. I don't think packing into GH actions provides that, however useful it may be for other purposes

I'll follow up Alexis on the ticket but it's just white labeled https://snyk.io If you are already using, say Snyk via github action (https://github.com/snyk/actions/tree/master/golang) you won't see

Hi all Has anyone looked at this? https://security.lfx.linuxfoundation.org/#/ How do we see project data? I wanted to take a look at flux. I had to create a login. Then, I had to "request" a view,

Hi all, We'll be meeting tomorrow at 8am Pacific. We'll have a short discussion about TOC liaisons with the SIGs, and then have an open floor for discussion. Presentation:

Hi Liz, Michelle, all, Stefan and Daniel have responded on individual points. I'll attempt to fill in the remainder -- The discussion in https://github.com/fluxcd/flux2/discussions/620 may run for a

Hi Liz, We've updated the Flagger logo on the docs website including all diagrams. The description now states that Flagger is part of the Flux family. Please let us know if there is something else we

Hello everybody, In argoproj/gitops-engine#126 I updated the FAQ to reflect the current situation, but didn't want to update the rest of FAQ as I didn't want to speak for the Argo project. I just