Re: Security/Compliance reports regarding Spinnaker


Rosalind Benoit
 

Hi all, I've added Beth Fuller, a product manager at Armory who has been doing a lot of work on the Security SIG. I think she can be of further assistance with this F5 inquiry.


Rosalind

On Mon, Jun 15, 2020 at 11:56 AM Rosalind Benoit via lists.cd.foundation <rosalind.benoit=armory.io@...> wrote:
Checking to see if we can assist.

On Mon, Jun 15, 2020 at 8:59 AM Michael Galloway <mgalloway@...> wrote:
Netflix unfortunately does not have anything that we can share.

Perhaps Armory may be able to help, Rosalind?

On Mon, Jun 15, 2020 at 8:29 AM Chris Aniszczyk <caniszczyk@...> wrote:
This is exactly what the security audit will provide once it's open sourced and shared with the community.

I believe it was procured recently and is being scheduled. Brian Warner can chase it down.

There may be older audits that Netflix has done that they can choose to open source and share, but I'm not familiar with those.

On Mon, Jun 15, 2020 at 10:13 AM Michael Galloway via lists.cd.foundation <mgalloway=netflix.com@...> wrote:
Is this something our security review is supposed to provide? 

I’ll ask folks on the Spinnaker project as well, to see if there is any material.


On Mon, Jun 15, 2020 at 6:47 AM Jacque Salinas <jsalinas@...> wrote:
Hello, 

Who should I route this to?

---------- Forwarded message ---------
From: Suhrud Kumar CHILUVERU <s.chiluveru@...>
Date: Thu, Jun 11, 2020 at 2:00 AM
Subject: Security/Compliance reports regarding Spinnaker
To: info@... <info@...>


Hello CD Foundation Team,

 

We, at F5 Networks, are looking to implement Spinnaker as a Continuous Delivery Platform for our services. However, to integrate with our internal services, our Information Security team is looking for some security and compliance reports for the Spinnaker product.

 

Can you please see if you can provide the following (where available): 
• SOC2 type 2 (SSAE16) report 
• PCI DSS compliance report 
• ISO 27001 and/or 27018 certification(s) 
• Security related system diagrams 
• One of the following:
  o Clean software analysis report (from Veracode, or equivalent) showing code is malware-free
  or
  o Contractual Attestation that software is malicious-code free

 

This would greatly help us in clearing our Third Party Security Assessment and start using Spinnaker as our CD platform.

 

Thanks

Suhrud

SRE – F5

 

 



--
Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205




--
Chris Aniszczyk (@cra) | +1-512-961-6719






--
Rosalind Benoit
Director of Community at Armory
503-857-7357  |  rosalind@...  |  www.armory.io
@dnilasor on Spinnaker Slack
@dnilas0r on Twitter



