adding CNCF GOSST GSoC Collaboration project idea (#1197)

* adding CNCF GOSST GSoC Collaboration project proposal Signed-off-by: Nate W <[email protected]> * Update programs/summerofcode/2024.md Signed-off-by: Nate W <[email protected]> * Update programs/summerofcode/2024.md Signed-off-by: Nate W <[email protected]> * Update programs/summerofcode/2024.md Signed-off-by: Nate W <[email protected]> * Update programs/summerofcode/2024.md Signed-off-by: Nate W <[email protected]> --------- Signed-off-by: Nate W <[email protected]>
cncf · Mar 22, 2024 · b945592 · b945592
1 parent f24a9ca
commit b945592
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/programs/summerofcode/2024.md b/programs/summerofcode/2024.md
@@ -31,6 +31,24 @@ You can find the project ideas from previous year [here](./2023.md).
 
 ### Proposals
 
+#### CNCF GOSST
+
+##### CNCF and Google Open Source Security Team GSoC Collaboration - Enhancing Security Across CNCF Ecosystem
+
+- Description: This project is a collaborative effort between the CNCF and Google's Open Source Security Team to improve security practices across various CNCF projects. The focus is identifying and addressing security vulnerabilities, integrating security tools like OSS-Fuzz, and enhancing build and release security processes. The goal is to get all CNCF projects to use scorecards (focusing on graduated/incubating projects first) and to remediate some of the findings.
+- Expected Outcome:
+  * All graduated and incubating CNCF projects using OpenSSF Scorecards to assess and enhance their security postures. Stretch goal: all (including sandbox) CNCF projects using OpenSFF Scorecards.
+    * Remediation of identified vulnerabilities based on scorecard findings
+    * Where CNCF projects are already using [OpenSSF Scorecard](https://securityscorecards.dev/), improved scores (remediating [various risk assessments](https://securityscorecards.dev/#the-checks)
+  * Integration or enhancement of fuzzing with [OSS-Fuzz](https://google.github.io/oss-fuzz/) for CNCF projects
+  * Improved build/release security by automating builds and releases, added build provenance, signing, and improved reproducibility
+- Recommended Skills: Security analysis, CI/CD practices, programming (preferably Go), knowledge of CNCF projects.
+- Expected project size: large (~350 hour projects)
+- Mentor(s):
+  - Nate Waddington (@nate-double-u, [email protected])
+  - Dustin Ingram ([email protected])
+- Upstream Issue (URL): https://github.com/cncf/mentoring/issues/1196
+
 #### Falco
 
 ##### Upgrading event-generator and automating Falco performance testing