{"id":13467261,"url":"https://github.com/cncf/tag-security","last_synced_at":"2026-01-27T10:34:40.733Z","repository":{"id":37384937,"uuid":"125122827","full_name":"cncf/tag-security","owner":"cncf","description":"🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!","archived":false,"fork":false,"pushed_at":"2025-12-04T17:34:57.000Z","size":101217,"stargazers_count":2246,"open_issues_count":21,"forks_count":571,"subscribers_count":153,"default_branch":"main","last_synced_at":"2025-12-08T01:39:37.269Z","etag":null,"topics":["access-control","assessment","cloud-native","cncf","safety","secure-access","security"],"latest_commit_sha":null,"homepage":"https://tag-security.cncf.io","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cncf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":"governance/README.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-03-13T22:30:42.000Z","updated_at":"2025-12-07T13:02:19.000Z","dependencies_parsed_at":"2025-04-18T01:03:24.607Z","dependency_job_id":"ac12b5cf-56fa-4522-a0a4-b9987b04f156","html_url":"https://github.com/cncf/tag-security","commit_stats":null,"previous_names":["cncf/sig-security"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cncf/tag-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftag-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftag-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftag-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftag-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cncf","download_url":"https://codeload.github.com/cncf/tag-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftag-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28812065,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T07:41:26.337Z","status":"ssl_error","status_checked_at":"2026-01-27T07:41:08.776Z","response_time":168,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","assessment","cloud-native","cncf","safety","secure-access","security"],"created_at":"2024-07-31T15:00:54.545Z","updated_at":"2026-01-27T10:34:40.728Z","avatar_url":"https://github.com/cncf.png","language":"HTML","funding_links":[],"categories":["HTML","security","Official Pages","Standards \u0026 Specifications"],"sub_categories":["Cloud Native"],"readme":"# Security Technical Advisory Group\n\n![Cloud Native Security Logo](/community/resources/design/logo/cloud-native-security-horizontal-darkmodesafe.svg)\n\n## Quick links\n\n- [Meeting Information](#meeting-information)\n- [Slack Information](#communications)\n- [Working Groups](#working-groups)\n\n## About Us\n\nThe CNCF Security Technical Advisory Group facilitates collaboration to exchange and produce knowledge and resources for building security in the cloud native ecosystem.\n\nCloud Native involves building, deploying, and operating modern applications in cloud computing environments, typically using open source. This complex ecosystem presents a technology risk landscape that demands rethinking application and information security through the lens of developer experience.\n\nWe aim to significantly reduce the probability and impact of attacks, breaches, and compromises. By empowering developers and operators to understand and manage the security posture of their systems, we strive to fulfill the promise of enhanced productivity and operational efficiency.\n\n## Key Focus Areas\n\n- **System Security Architectures**: Frameworks to protect resources and data.\n- **Common Lexicon, Templates \u0026 Libraries**: Tools for developers to create secure apps.\n- **Heuristics and Models**: Approaches for reasoning about system security.\n\n## Publications\n\nBelow is a list of publications by TAG Security. For a comprehensive collection of our works in various formats, please visit the [publications](community/publications/README.md) directory.\n\n| Publication | Latest Release |\n|-------------|------|\n| [Catalog of Supply Chain Compromises](community/catalog/compromises) | November 2019 - Present |\n| [Software Supply Chain Best Practices](community/working-groups/supply-chain-security/supply-chain-security-paper-v2/Software_Supply_Chain_Practices_whitepaper_v2.pdf) | March, 2025 |\n| [Open and Secure - A Manual for Practicing Threat Modeling to Assess and Fortify Open Source Security](community/assessments/Open_and_Secure.pdf) | November, 2023 |\n| [Handling Build-time Dependency Vulnerabilities](community/working-groups/archive/policy/overview-policy-build-time-dependency-vulns.md) | June, 2022 |\n| [Secure Software Factory: A Reference Architecture to Securing the Software Supply Chain](community/working-groups/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf) | May, 2022 |\n| [Cloud Native Security Controls Catalog](community/working-groups/archive/controls/phase-one-announcement.md) | May, 2022 |\n| [Cloud Native Security Whitepaper](community/resources/security-whitepaper/v2/CNCF_cloud-native-security-whitepaper-May2022-v2.pdf) | May, 2022 |\n| [Secure Defaults](community/resources/security-whitepaper/secure-defaults-cloud-native-8.md) | February, 2022 |\n| [Cloud Native Security Lexicon](community/resources/security-lexicon/cloud-native-security-lexicon.md) | August, 2021 |\n| [Evaluating your Supply Chain Security](community/working-groups/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md) | May, 2021 |\n| [Formal Verification for Policy Configurations](community/working-groups/archive/policy/overview-policy-formal-verification.md) | August, 2019 |\n\n## Governance\n\nRefer to the [Security TAG charter](governance/README.md) for our governance process.\n\n## Communications\n\nJoin our open discussions and share news:\n\n- [Email list](https://lists.cncf.io/g/cncf-tag-security)\n- [CNCF Slack](https://slack.cncf.io/) #tag-security channel (Refer to the [contributing guidelines](CONTRIBUTING.md) for posting and participation details.)\n\n## Meeting Information\n\n- **Americas**: Weekly on Wednesdays at 10 am (UTC-7). [Zoom link](https://zoom-lfx.platform.linuxfoundation.org/meeting/99826624011?password=1f36a78e-7dd1-43e6-b3c8-6a305038acb5),\n- **APAC**: Bi-weekly on Thursday at 11 am (UTC+9). [Zoom link](https://zoom-lfx.platform.linuxfoundation.org/meeting/99241433042?password=ac8fe376-2fdf-4b90-b4de-a19a31fdb726).\n\nCheck your local timezone [here](https://time.is/). Meetings are listed on the [CNCF calendar](https://www.cncf.io/calendar/) (filter by TAG Security and Compliance!)\n\nTo add a topic to the agenda, review our [process](governance/process.md#getting-on-the-agenda).\n\n## New members\n\nIf you are new to the group, we encourage you to check out our\n[contributing guidelines](CONTRIBUTING.md).\n\n## Related groups\n\nExplore groups affiliated with or relevant to Security TAG [here](governance/related-groups/README.md)\n\n## Leadership\n\nDetails about the TAG Chairs, Tech Leads, and TOC Liaisons can be found on the [CNCF Technical Advisory Groups (TAGs) information page](https://github.com/cncf/toc/blob/main/tags/cncf-tags.md)\n\n## TAG Emeritus Leaders\n\nThank you to all the [tag emeritus leaders](/community/assets/tag-emeritus-leaders.md) for your contributions to the success of this community.\n\n### Working Groups\n\nThe TAG's working groups focus on specific areas and organize most community activities, including weekly meetings.\nThese groups facilitate discussions, engagement, and publications with key stakeholders, operating differently based on their needs.\nEach group, led by a responsible leader, reaches consensus on issues and manages logistics. All materials, such as reports, white papers, documents, and reference architectures, are in the repository's /community directory.\n\n| Project | Leads | STAG Rep |\n|---------------------------------|---------------------------------------------|---------------------------------|\n| [Automated Governance](/community/working-groups/automated-governance/README.md) | Brandt Keller | Matthew Flannery |\n| [Catalog of Supply Chain Compromises](/community/catalog/README.md) | Santiago Arias Torres | Marina Moore |\n| [Commons](/community/working-groups/commons/README.md) | Eddie Knight | Marco De Benedictis |\n| [Compliance](/community/working-groups/compliance/README.md) | Anca Sailer, Robert Ficcaglia | Brandt Keller |\n| [Security Assessments](/community/assessments/README.md) | Justin Cappos | Eddie Knight |\n| [Software Supply Chain](/community/working-groups/supply-chain-security/README.md) | Michael Lieberman | Marina Moore |\n\n## Additional information\n\n### CNCF Security TAG assessments\n\nFor [CNCF project proposal process](https://github.com/cncf/toc/blob/main/process)\ncreate a\nnew [security assessment issue](https://github.com/cncf/tag-security/issues/new?assignees=\u0026labels=assessment\u0026template=security-assessment.md\u0026title=%5BAssessment%5D+Project+Name)\nwith a\n[self-assessment](/community/assessments/guide/self-assessment.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcncf%2Ftag-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcncf%2Ftag-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcncf%2Ftag-security/lists"}