Uploaded image for project: 'Hybrid Cloud Console'
  1. Hybrid Cloud Console
  2. RHCLOUD-27140

[ACTION REQUIRED] STI Mapping Survey Released for Red Hat Hybrid Cloud Console

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Unset
    • No

      Hello,

      The Product Security Supply Chain group has launched a survey to identify all Services, Tools, and Infrastructure (STIs) used in the build and release processes to develop, compose, maintain, and sign all Red Hat software listed in the Product Pages. This survey is part of an Audit, Research, Consulting (ARC) program audit project and is in the form of a Google Sheet that must be filled out. It is due on August 2nd.

      You were identified from the Product Pages as the best known contacts for Red Hat Hybrid Cloud Console, which is included in this STI Mapping Survey. We released the survey announcement on The Source and wanted to individually reach out to offer support and answer questions as needed.

      Your survey link is here: https://docs.google.com/spreadsheets/d/10jGDQUMicJ2ukqCNdWvAV4nngPoNlq68_ubacmjbHfo/edit#gid=2144313860

      Action items:

      • Please respond to this email letting us know if you are the best contact for further communications concerning this survey. If you are not the best contact, please let us know who on your team we should reach out to.
      • Complete the STI Mapping Survey by August 2nd. If you have questions, concerns, or blockers in this process, please reach out to myself, Jascha Lease, or Stephen Siravo.

      Further information:

      What is the purpose of this project?

      (Survey Project Charter) Red Hat doesn't yet have a comprehensive list of the STIs used in the build and release processes to develop, compose, maintain, and sign mapped to existing Red Hat software. This:

      • Negatively impacts our ability to understand core pipelines/workflows.
      • Prevents us from better measuring and automating compliance with SOA, CICD, and SSML requirements.
      • Reduces pipeline visibility, hindering remediation efforts and our ability to consult on supply chain threats.

      What is PSSC asking the Offerings Teams to do?

      Offering Teams need to fill out a Google Sheets survey. We're asking for a list of Content Types the software produces, all STIs used in software workflows, their read and write permissions, and any additional documentation that you may have. The Instructions page of the survey includes further explanation and a link to a FAQ.

      When is this due?

      The survey was released on July 13th and is due on August 2nd.

      Thank you for your help! If you have any questions, please reach out to Claire Burkhardt, [Stephen Siravo|mailto:ssiravo@redhat.com], or [Jascha Lease|mailto:jlease@redhat.com].
       
       

              rhn-support-bturner Benjamin Turner
              rhn-support-kdixon Kathryn Dixon
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: