{"id":13495647,"url":"https://github.com/cncf/toc","last_synced_at":"2026-01-25T09:33:42.087Z","repository":{"id":37734458,"uuid":"47574295","full_name":"cncf/toc","owner":"cncf","description":"⚖️ The CNCF Technical Oversight Committee (TOC) is the technical governing body of the CNCF Foundation.","archived":false,"fork":false,"pushed_at":"2026-01-20T19:24:51.000Z","size":18434,"stargazers_count":1822,"open_issues_count":141,"forks_count":673,"subscribers_count":225,"default_branch":"main","last_synced_at":"2026-01-21T04:38:19.363Z","etag":null,"topics":["cloud","cloudnative","cncf"],"latest_commit_sha":null,"homepage":"https://cncf.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cncf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":"governance/tag-governance.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2015-12-07T19:29:57.000Z","updated_at":"2026-01-20T19:24:59.000Z","dependencies_parsed_at":"2022-07-08T04:47:59.297Z","dependency_job_id":"6d2ad95d-cc41-4adb-bc3f-add8777c4089","html_url":"https://github.com/cncf/toc","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cncf/toc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftoc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftoc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftoc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftoc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cncf","download_url":"https://codeload.github.com/cncf/toc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cncf%2Ftoc/sbom","scorecard":{"id":294577,"data":{"date":"2025-08-11","repo":{"name":"github.com/cncf/toc","commit":"99be26eb112e19f5a63eb01f3e88559d5ab17517"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.9,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":9,"reason":"Found 11/12 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/tags_yaml_branch_pr_processing.yaml:53","Warn: untrusted code checkout '${{ github.event.pull_request.head.ref }}': .github/workflows/tags_yaml_branch_pr_processing.yaml:27","Warn: untrusted code checkout '${{ github.event.pull_request.head.ref }}': .github/workflows/tags_yaml_fork_pr_processing.yaml:28"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/labeler.yaml:14","Warn: no topLevel permission defined: .github/workflows/labeler.yaml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/tags_yaml_branch_pr_processing.yaml:18","Warn: topLevel 'contents' permission set to 'write': .github/workflows/tags_yaml_fork_pr_processing.yaml:18","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cncf/toc/labeler.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/labeler.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cncf/toc/labeler.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/labeler.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/cncf/toc/labeler.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tags_yaml_branch_pr_processing.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cncf/toc/tags_yaml_branch_pr_processing.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tags_yaml_branch_pr_processing.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cncf/toc/tags_yaml_branch_pr_processing.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tags_yaml_fork_pr_processing.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cncf/toc/tags_yaml_fork_pr_processing.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tags_yaml_fork_pr_processing.yaml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/cncf/toc/tags_yaml_fork_pr_processing.yaml/main?enable=pin","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":1,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Warn: 'force pushes' enabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Info: required approving review count is 2 on branch 'main'","Info: codeowner review is required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T19:09:02.644Z","repository_id":37734458,"created_at":"2025-08-17T19:09:02.645Z","updated_at":"2025-08-17T19:09:02.645Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28750875,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T09:00:19.176Z","status":"ssl_error","status_checked_at":"2026-01-25T09:00:04.131Z","response_time":113,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","cloudnative","cncf"],"created_at":"2024-07-31T19:01:36.707Z","updated_at":"2026-01-25T09:33:42.077Z","avatar_url":"https://github.com/cncf.png","language":"Go","readme":"# CNCF Technical Oversight Committee (TOC)\n\nThe CNCF TOC is the technical governing body of the CNCF. It admits and oversees all projects in the CNCF  and has a mandate to facilitate driving neutral consensus for:\n* defining and maintaining the technical vision and [principles](https://github.com/cncf/toc/blob/main/PRINCIPLES.md) for the Cloud Native Computing Foundation,\n* approving new projects within the scope of  the CNCF set by the Governing Board (GB), creating  a conceptual architecture for the projects, aligning projects, removing or archiving projects,\n* accepting feedback from end user technical advisory board and map to projects,\n* aligning interfaces to components under management (code reference implementations before standardizing), and defining common practices to be implemented across CNCF projects, if any.\n\n## TOC Technical Vision\nThe technical direction of the ecosystem is problem-centric. We encourage and support our projects to solve problems faced by adopters, to build the right ecosystem for innovation and embrace changes in the broader technical landscape. To exercise and increase the expertise within the technical community to compose solutions that stand the test of time.\n\n## Members\n\n* **Alex Chircop**  (term: 2 years - start date: 3/4/2025 - 3/4/2027) [TOC-appointed]\n* **Chad Beaudin** (term: 2 years - start date: 3/4/2025 - 3/4/2027) [EndUser-appointed]\n* **Davanum Srinivas** (term: 2 years - start date: 2/16/2024 - 2/16/2026) [TOC-appointed]\n* **Emily Fox** (term: 2 years - start date: 2/4/2024 - 3/4/2026) [GB-appointed]\n* **Faseela K** (term: 2 years 3/4/2025 - 3/4/2027) [GB-appointed]\n* **Jeremy Rickard** (term: 2 years - start date: 3/4/2025 - 3/4/2027) [GB-appointed]\n* **Karena Angell** (term: 2 years - start date: 3/4/2025 - 3/4/2027) [GB-appointed][TOC Chair]\n* **Katie Gamanji** (term: 2 years - start date: 3/18/2022 - 2/4/2026) [GB-appointed]\n* **Kevin Wang** (term: 2 years - start date 2/4/2024 - 2/4/2026) [Maintainer-appointed]\n* **Lin Sun** (term: 2 years - start date 2/4/2024 - 2/4/2026) [GB-appointed]  \n* **Ricardo Rocha** (term: term: 2 years - start date: 2/4/2024 - 2/4/2026) [EndUser-appointed]\n\n## TOC Shadows\n\n* **Ricardo Aravena** (term: 1 year - start date: 3/4/2025 - 3/4/2026) [GB-appointed][shadow]\n\nElection [schedule](operations/election-schedule.md)\n\n## Projects\n\nSee the [current CNCF projects](https://www.cncf.io/projects/) and a description of project maturity levels (Sandbox, Incubating, Graduated).\n\nThe CNCF provides a [list of services](https://www.cncf.io/services-for-projects/) for incubating and graduated projects hosted in the foundation. A subset of these services is also available for [Sandbox](https://www.cncf.io/sandbox-projects/) level projects.\n\nDo you want to contribute to a project? We have a [guide](https://contribute.cncf.io/contributors/) to get you started.\n\nIf you would like to know more about the project lifecycle we use, we have [outlined the process](https://github.com/cncf/toc/blob/main/process/README.md). If you have any questions or don't know where to start, please open an [issue](https://github.com/cncf/toc/issues).\n\n## Meeting Time\n\nThe TOC meets on the 1st and 3rd Tuesday of every month at 8AM PT (USA Pacific Time; [Convert to local time zone](http://www.thetimezoneconverter.com/?t=8:00AM\u0026tz=San%20Francisco)).  \n\nHere is a [calendar for all public CNCF events](https://zoom-lfx.platform.linuxfoundation.org/meetings/cncf?view=week). This calendar is also available on the [CNCF Website](https://www.cncf.io/calendar/) Meetings can be joined directly form the calendar.\n\n## Meeting Agenda and Minutes\n- [Meeting Agenda and Minutes](https://github.com/cncf/toc/issues?q=is%3Aissue%20label%3Akind%2Fmeeting%20)\n- [Archive (2018.10~2024.08) of Meeting Working Doc](https://docs.google.com/document/d/1jpoKT12jf2jTf-2EJSAl4iTdA7Aoj_uiI19qIaECNFc/edit#). This includes minutes from previous meetings.\n- [Archive (2016.02~2019.06) of Meeting agenda and presentations](resources/meeting_presentations.md).\n- [Archive (2016.04~2018.11) of community presentations](resources/scheduled_presentations.md)\n- [CNCF TOC Playlist on YouTube](https://www.youtube.com/playlist?list=PLj6h78yzYM2Mf6GCZzW6CAk6GlZESbemB)\n\n## Mailing List\n\nPublic mailing list for the CNCF TOC: cncf-toc@lists.cncf.io\n\nThe public mailing archive: https://lists.cncf.io/g/cncf-toc\n\nDetails to join this public mailing list: https://lists.cncf.io/mailman/listinfo/cncf-toc\n\nIn case you need to reach the CNCF TOC on sensitive issues, please email us at: cncf-private-toc@lists.cncf.io\n\n## Slack\n\nPublic CNCF TOC channel: Join the [CNCF slack](https://slack.cncf.io/) and we are reachable at [#toc](https://cloud-native.slack.com/archives/C0MP69YF4).  \n\n## Voting\n\nThis is our [voting policy](https://github.com/cncf/toc/blob/main/operations/toc-decision-process.md#voting). Only TOC members can cast binding votes. (+1 Binding)\n\n## Technical Advisory Groups and TOC SubProjects\n\n### Technical Advisory Groups\n\n* [TAG Developer Experience](./tags/tag-developer-experience/)\n* [TAG Infrastructure](./tags/tag-infrastructure/)\n* [TAG Operational Resilience](./tags/tag-operational-resilience/)\n* [TAG Security and Compliance](./tags/tag-security-and-compliance/)\n* [TAG Workloads Foundation](./tags/tag-workloads-foundation/charter.md)\n\n### TOC SubProjects\n\n* [Contributor Strategy and Advocacy  SubProject](./toc_subprojects/contributor-strategy-and-advocacy-subproject)\n* [Mentoring SubProject](./toc_subprojects/mentoring-subproject/)\n* [Project Reviews SubProject](./toc_subprojects/project-reviews-subproject/)\n\n## Technical Advisory Groups - Archived\n\nThe TOC has approved the formation of [TAGs](./.archive/README.md).\nThe following Technical Advisory Groups have been archived: \n\n* [TAG-Security](https://github.com/cncf/tag-security)\n* [TAG-Storage](https://github.com/cncf/tag-storage) \n* [TAG-App-Delivery](https://github.com/cncf/tag-app-delivery)\n* [TAG-Network](https://github.com/cncf/tag-network)\n* [TAG-Runtime](https://github.com/cncf/tag-runtime)\n* [TAG Contributor Strategy](https://github.com/cncf/tag-contributor-strategy)\n* [TAG Observability](https://github.com/cncf/tag-observability)\n* [TAG Environmental Sustainability](https://github.com/cncf/tag-env-sustainability)\n\nThese Technical Advisory Groups have been spun down and replaced with new Technical Advisory Groups and TOC SubProjects, listed above.\n\n### Updating TAG or SubProject README files\n\nTo modify the README files for individual TAGs or TOC SubProjects, please **do not edit them directly**. Instead, the source of truth for these files is the [`tags.yaml`](https://github.com/cncf/toc/blob/main/tags.yaml) file. To understand the process for updating these READMEs by modifying `tags.yaml`, please refer to the [Updating TOC TAG and SubProject README Files document](./generator/updating-tag-and-toc=subproject-readme-files.md).","funding_links":[],"categories":["Go","Kubernetes and Cloud Native Associate (KCNA)"],"sub_categories":["Documentation, Tips and Tricks"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcncf%2Ftoc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcncf%2Ftoc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcncf%2Ftoc/lists"}