
Supply chain secure software factory reference architecture (Supply Chain Working Group) #679

@lumjjb


Communications/Meetings for this issue

A group meets up to discuss this issue as part of the Supply Chain Working Group. To keep in the loop of conversations, please join the Slack channel: https://cloud-native.slack.com/archives/C01KL0B4LKC

Description:

Create a working group around an effort to create a reference architecture (backed by an open source implementation) of a Secure Software Factory (SSF) as highlighted in the supply chain paper.

Context: This is a continued effort from the original supply chain working group's work with the Supply Chain Paper. There are various discussions ongoing related to this in #625, #501, #600, Zero-Trust Supply Chains - Google Docs

Impact:

This working group will provide a common place for implementors of different communities (SPIRE, in-toto, Tekton, sigstore, etc.) to work towards a similar goal of SSF. There are multiple efforts ongoing related to this, and this will help consolidate certain work streams.

Scope:

The scope of this includes architecture discussions and implementation efforts across various communities. The artifact produced from this should be a document laying out the reference architecture of an SSF with an appendix with implementation pointers and examples.

The target audience for this working group is implementors of SSF and contributing members of the underlying SSF components.

Proposed Schedule

Q4 2020

  • [7 Oct] Ready for public comment for sections before prototyping
  • [7 Oct] Cleanup document and open for RFC
  • [11 Oct] Kubecon - Socialize RFC
  • [21 Oct] Introduce new participants from Kubecon and overview of work and direction / levelset
  • [28 Oct] Start discussion/writing on draft prototype design section
  • [11 Nov] Complete draft for prototype design section, start main group discussion
  • [25 Nov] Close main group discussion around prototype design (Thanksgiving, no meeting)
  • [2 Dec - 20 Dec] Start planning and staffing for Supply Chain Ref Arch prototype sections agreed, staffing, getting additional folks/maintainers in
    • Consider other project limitations / work to reach ref arch baseline
  • [20 Dec - 1 Jan 2022] Holidays

Q1 2021

  • PROTOTYPING!!!

Q2 2021

  • SHIP IT!!!

Contributing

To contribute, please refer to the "Contributing" section of the reference architecture document.

Contributors

  • Aditya Sirish
  • Aeva Black
  • Alex Floyd Marshall
  • Andres Vega
  • Andrew Block
  • Aradhna Chetal
  • Axel Simon
  • Brandon Lum
  • Brandon Mitchell
  • Dan Pop
  • David A Wheeler
  • Ed Warnicke
  • Emily Fox
  • Ethan Lowman
  • Garry Ing
  • Glaucimar Aguiar
  • Jacques Chester
  • Jason Hall
  • John Kjell
  • Maor Kuriel
  • Marina Moore
  • Matt Moore
  • Michael Lieberman
  • Mike Lieberman
  • Priya Wadhwa
  • Rémy Greinhofer
  • Shripad Nadgowda
  • Trishank Karthik Kuppusamy

Status

✅ Done
