[Assessment] in-toto

[ultrasaurus]

Project Name: in-toto

Github URL: https://github.com/in-toto

Security Provider: yes

• Identify team
  • Project security lead: Santiago Torres Arias
  • Lead Security Reviewer: Sarah Allen (@ultrasaurus)
  • additional reviewers: Justin Cormack, Brandon Lum
• Create slack channel (e.g. #sec-assess-intoto)
• Project lead provides draft document
• "Dumb question phase" Lead Security Reviewer asks clarifying questions
• Initial review
• Project lead addresses comments/questions in draft doc
• Presentation & discussion - TODO Link recording, meeting minutes
• Share draft findings with project - in progress
• Assessment summary and doc checked in https://github.com/cncf/sig-security/tree/master/assessments/projects/in-toto
• CNCF TOC presentation -- July 9, 2019 https://www.youtube.com/watch?v=7R6IfBFg2VA (40:00)

[JustinCappos]

The in-toto team has reviewed the documentation and revised the documentation. I believe we're ready for the assessment team to take the next step

[ultrasaurus]

@JustinCappos added checkbox for "Project lead addresses comments/questions in draft doc" (we should add that to the template) -- doesn't block our finalizing the summary, but does block "Assessment summary and doc checked into..."

[dshaw]

👍 https://github.com/cncf/sig-security/tree/master/assessments/projects/in-toto

[lumjjb]

@ultrasaurus I believe the presentation to the TOC is over? shall we update it and close it out :)

[ultrasaurus]

linked video in the issue description