add kubearmor projects for gsoc 2023 (#867)

Signed-off-by: Anurag <contact.anurag7@gmail.com>
cncf · Mar 10, 2023 · 69dd6f8 · 69dd6f8
1 parent 08f9fa4
commit 69dd6f8
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/summerofcode/2023.md b/summerofcode/2023.md
@@ -53,6 +53,9 @@ If you are a project maintainer and consider mentoring during the GSoC 2023 cycl
     + [Dataplane migration for Apache Kafka communications: From Vert.x to Project Loom](#dataplane-migration-for-apache-kafka-communications--from-vertx-to-project-loom)
     + [Porting Knative Serving to Microshift](#porting-knative-serving-to-microshift)
     + [Self-Balancing Knative Kafka Broker partitions](#self-balancing-knative-kafka-broker-partitions)
+  * [KubeArmor](#kubearmor)
+    + [GitHub Actions for KubeArmor](#github-actions-for-kubearmor)
+    + [Store KubeArmor policies in OCI registry](#store-kubearmor-policies-in-oci-registry)
   * [Kubebuilder](#kubebuilder)
     + [Helper to upgrade the projects](#helper-to-upgrade-the-projects)
   * [KubeVela](#kubevela)
@@ -323,6 +326,31 @@ This project lends itself to GSoC due to the modular nature of the tasks which a
 - Difficulty: Hard
 - Upstream Issue (URL): https://github.com/knative-sandbox/eventing-kafka-broker/issues/2917
 
+### KubeArmor
+
+#### GitHub Actions for KubeArmor
+
+- Description: Build a GitHub action to allow the usage of KubeArmor in the CI. KubeArmor should be able to identify change in the application posture early in the dev life cycle. If the app changes results in new app behavior such as new process invocation or new file system access or new network connections, then the same has to be highlighted early in the application life cycle so that the security posture changes can be handled accordingly.
+- Expected outcome: [`karmor summary`](https://github.com/kubearmor/kubearmor-client/) provides a way to verify the [application behavior](https://github.com/kubearmor/KubeArmor/blob/main/getting-started/workload_visibility.md). The aim here would be to baseline the application behavior and check for any deviation during subsequent application updates. It then should look for any potential security gaps and recommend policies leveraging based on that.
+The action should be able to  generate a summary using baseline benchmark and then show the application based changes in the graphical mode.
+- Mentor(s): Ankur Kothiwal(Ankurk99, ankur DOT kothiwal99 AT gmail DOT com), Anurag Kumar(kranurag7, contact DOT anurag7 AT gmail DOT com), Barun Acharya(daemon1024, barun1024 AT gmail DOT com)
+- Expected project size: 175 Hours
+- Recommended Skills: Kubernetes, GitHub Actions
+- Difficulty: Medium
+- Upstream Issue (URL): https://github.com/kubearmor/KubeArmor/issues/1128
+
+#### Store KubeArmor policies in OCI registry
+
+- Description: Store KubeArmor policies & host policies as OCI Artifacts.
+OCI Artifacts are a set of conventions that allows us to store assets other than the container images, like Helm Charts, inside an OCI registry.  
+[Artifact Hub](https://artifacthub.io/) is a website where users can find, install, and publish packages and configurations for CNCF projects. The idea is to use Artifact Hub for pushing, pulling and verifying the authenticity of KubeArmor policies using [cosign](https://github.com/sigstore/cosign).
+- Expected outcome: The contributor is expected to create subcommand for `karmor` to interact with OCI registries for pushing, pulling and verifying policies based on OCI Artifacts specification.
+- Mentor(s): Ankur Kothiwal(Ankurk99, ankur DOT kothiwal99 AT gmail DOT com), Anurag Kumar(kranurag7, contact DOT anurag7 AT gmail DOT com), Barun Acharya(daemon1024, barun1024 AT gmail DOT com)
+- Expected project size: 175 Hours
+- Recommended Skills: Go, Containers
+- Difficulty: Medium
+- Upstream Issue (URL): https://github.com/kubearmor/KubeArmor/issues/1130
+
 ### Kubebuilder
 
 #### Helper to upgrade the projects