Difference between revisions of "Security/How To Contribute"
< Security
m (→Developers, New to OpenStack) |
|||
(10 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
− | == How | + | == How to contribute to the OpenStack Security SIG == |
=== Initial Steps for Everyone === | === Initial Steps for Everyone === | ||
− | # Join the | + | # Join the SIG launchpad group: https://launchpad.net/~openstack-ossg |
− | # Join the OpenStack Security mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack- | + | # Join the OpenStack Security SIG mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-sigs |
− | # Introduce yourself at the weekly | + | # Introduce yourself at the weekly Security SIG meeting on IRC: https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity |
# Read the sections below for specific ways that someone with your skills can help improve the security of OpenStack. | # Read the sections below for specific ways that someone with your skills can help improve the security of OpenStack. | ||
Line 33: | Line 33: | ||
=== Developers, Experienced with OpenStack === | === Developers, Experienced with OpenStack === | ||
* Security leadership on specific OpenStack project | * Security leadership on specific OpenStack project | ||
− | :* | + | :* SIG people with both a strong security background and a strong OpenStack background to work as core developers on projects. These people would help serve as the link between OSSG and the OpenStack project by: |
::* Identifying areas where the code should be improved | ::* Identifying areas where the code should be improved | ||
::* Writing blueprints for security features related to that project | ::* Writing blueprints for security features related to that project | ||
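Review bot: the new sub-item under "Security leadership on specific OpenStack project" opens with "SIG people", but the same line still calls the group OSSG ("the link between OSSG and the OpenStack project"). Use one name in this line, or say once that the Security SIG was formerly the OSSG. The first sentence is also a fragment: it has no verb before "to work as core developers", so state who needs or invites these people.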
Line 48: | Line 48: | ||
:* Object Storage (Swift): https://blueprints.launchpad.net/swift | :* Object Storage (Swift): https://blueprints.launchpad.net/swift | ||
:* Image Service (Glance): https://blueprints.launchpad.net/glance | :* Image Service (Glance): https://blueprints.launchpad.net/glance | ||
− | :* | + | :* Identity (Keystone): https://blueprints.launchpad.net/keystone |
:* Dashboard (Horizon): https://blueprints.launchpad.net/horizon | :* Dashboard (Horizon): https://blueprints.launchpad.net/horizon | ||
:* Networking (Neutron): https://blueprints.launchpad.net/neutron | :* Networking (Neutron): https://blueprints.launchpad.net/neutron | ||
Line 58: | Line 58: | ||
* Review / edit / add to the OpenStack Security Guide | * Review / edit / add to the OpenStack Security Guide | ||
:* Webpage: http://docs.openstack.org/sec/ | :* Webpage: http://docs.openstack.org/sec/ | ||
− | :* DocBook Source: https://github.com/openstack/ | + | :* DocBook Source: https://github.com/openstack/security-doc/tree/master/security-guide |
* Review / edit / create OSSNs | * Review / edit / create OSSNs | ||
+ | :* https://wiki.openstack.org/wiki/Security/Security_Note_Process | ||
:* https://launchpad.net/ossn | :* https://launchpad.net/ossn | ||
* Review blueprints (see links in developer section above) | * Review blueprints (see links in developer section above) | ||
Line 65: | Line 66: | ||
=== Writers / Editors === | === Writers / Editors === | ||
− | * | + | * Initial setup instructions can be found at the Documentation First Timer's How To page: https://wiki.openstack.org/wiki/Documentation/HowTo/FirstTimers |
+ | * Once those steps are complete, you can help review / edit the OpenStack Security Guide | ||
:* Webpage: http://docs.openstack.org/sec/ | :* Webpage: http://docs.openstack.org/sec/ | ||
− | :* DocBook Source: https://github.com/openstack/ | + | :* DocBook Source: https://github.com/openstack/security-doc/tree/master/security-guide |
+ | :* List of Enhancements / Bugs: https://bugs.launchpad.net/openstack/+bugs?field.tag=sec-guide | ||
+ | :* Open a new Enhancement / Bug: File a bug on https://bugs.launchpad.net/openstack-manuals/+filebug and tag it with "sec-guide". Option for tags is available under "Extra options". | ||
+ | |||
* Review / edit OSSNs | * Review / edit OSSNs | ||
+ | :* https://wiki.openstack.org/wiki/Security/Security_Note_Process | ||
:* https://launchpad.net/ossn | :* https://launchpad.net/ossn | ||
Line 75: | Line 81: | ||
* Add security tests to OS projects | * Add security tests to OS projects | ||
* Learn to identify and file Security Bugs | * Learn to identify and file Security Bugs | ||
− | * | + | * Identify open bugs and/or report security bugs that you can work on to learn a project (we recommend starting with just one project before branching out too much) |
:* Compute (Nova): https://bugs.launchpad.net/nova | :* Compute (Nova): https://bugs.launchpad.net/nova | ||
:* Object Storage (Swift): https://bugs.launchpad.net/swift/ | :* Object Storage (Swift): https://bugs.launchpad.net/swift/ | ||
:* Image Service (Glance): https://bugs.launchpad.net/glance | :* Image Service (Glance): https://bugs.launchpad.net/glance | ||
− | :* | + | :* Identity (Keystone): https://bugs.launchpad.net/keystone |
:* Dashboard (Horizon): https://bugs.launchpad.net/horizon | :* Dashboard (Horizon): https://bugs.launchpad.net/horizon | ||
:* Networking (Neutron): https://bugs.launchpad.net/neutron | :* Networking (Neutron): https://bugs.launchpad.net/neutron |
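Review bot: the rewritten bullet "Identify open bugs and/or report security bugs that you can work on to learn a project" merges two tasks, so "that you can work on" now appears to apply to the bugs you report as well as to the open ones. It also overlaps the unchanged bullet above it, "Learn to identify and file Security Bugs". Suggest keeping this bullet about picking up open bugs and folding the reporting part into that earlier bullet.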
Latest revision as of 11:50, 6 March 2018
How to contribute to the OpenStack Security SIG
Initial Steps for Everyone
- Join the SIG launchpad group: https://launchpad.net/~openstack-ossg
- Join the OpenStack Security SIG mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-sigs
- Introduce yourself at the weekly Security SIG meeting on IRC: https://wiki.openstack.org/wiki/Meetings/OpenStackSecurity
- Read the sections below for specific ways that someone with your skills can help improve the security of OpenStack.
Developers, New to OpenStack
- Set yourself up to contribute to OpenStack (see the “If you’re a developer” section): https://wiki.openstack.org/wiki/How_To_Contribute
- Review code reviews tagged as SecurityImpact
  - Notifications come to the openstack-security mailing list
  - https://review.openstack.org/#/q/message:SecurityImpact+is:open,n,z
- Identify open bugs that you can work on to learn a project (we recommend starting with just one project before branching out too much)
  - Compute (Nova): https://bugs.launchpad.net/nova
  - Object Storage (Swift): https://bugs.launchpad.net/swift/
  - Image Service (Glance): https://bugs.launchpad.net/glance
  - Identity (Keystone): https://bugs.launchpad.net/keystone
  - Dashboard (Horizon): https://bugs.launchpad.net/horizon
  - Networking (Neutron): https://bugs.launchpad.net/neutron
  - Block Storage (Cinder): https://bugs.launchpad.net/cinder
  - Common Code (Oslo): https://bugs.launchpad.net/oslo
- Review code to learn a project and find security issues (we recommend starting with just one project before branching out too much)
  - Compute (Nova): https://github.com/openstack/nova
  - Object Storage (Swift): https://github.com/openstack/swift
  - Image Service (Glance): https://github.com/openstack/glance
  - Identity (Keystone): https://github.com/openstack/keystone
  - Dashboard (Horizon): https://github.com/openstack/horizon
  - Networking (Neutron): https://github.com/openstack/neutron
  - Block Storage (Cinder): https://github.com/openstack/cinder
  - Common Code (Oslo): https://github.com/openstack/oslo-incubator
Developers, Experienced with OpenStack
- Security leadership on a specific OpenStack project
  - SIG people with both a strong security background and a strong OpenStack background to work as core developers on projects. These people would help serve as the link between OSSG and the OpenStack project by:
    - Identifying areas where the code should be improved
    - Writing blueprints for security features related to that project
    - Ensuring relevant reviews are marked with SecurityImpact tags
    - Leveraging OSSG members to help solve security problems
    - Become a trusted security resource among the core developers
  - This is a position that one grows into by demonstrating good work over time. It is not a role to which you are simply appointed. If you are interested, OSSG can help get you started.
- Identify security-relevant code reviews and tag them as SecurityImpact
- Review code reviews tagged as SecurityImpact
  - Notifications come to the openstack-security mailing list
  - https://review.openstack.org/#/q/message:SecurityImpact+is:open,n,z
- Review blueprints
  - Compute (Nova): https://blueprints.launchpad.net/nova
  - Object Storage (Swift): https://blueprints.launchpad.net/swift
  - Image Service (Glance): https://blueprints.launchpad.net/glance
  - Identity (Keystone): https://blueprints.launchpad.net/keystone
  - Dashboard (Horizon): https://blueprints.launchpad.net/horizon
  - Networking (Neutron): https://blueprints.launchpad.net/neutron
  - Block Storage (Cinder): https://blueprints.launchpad.net/cinder
  - Common Code (Oslo): https://blueprints.launchpad.net/oslo
- Write security-relevant blueprints
Security Architects
- Review / edit / add to the OpenStack Security Guide
  - Webpage: http://docs.openstack.org/sec/
  - DocBook Source: https://github.com/openstack/security-doc/tree/master/security-guide
- Review / edit / create OSSNs
  - https://wiki.openstack.org/wiki/Security/Security_Note_Process
  - https://launchpad.net/ossn
- Review blueprints (see links in developer section above)
- Write security-relevant blueprints
Writers / Editors
- Initial setup instructions can be found at the Documentation First Timer's How To page: https://wiki.openstack.org/wiki/Documentation/HowTo/FirstTimers
- Once those steps are complete, you can help review / edit the OpenStack Security Guide
  - Webpage: http://docs.openstack.org/sec/
  - DocBook Source: https://github.com/openstack/security-doc/tree/master/security-guide
  - List of Enhancements / Bugs: https://bugs.launchpad.net/openstack/+bugs?field.tag=sec-guide
  - Open a new Enhancement / Bug: File a bug on https://bugs.launchpad.net/openstack-manuals/+filebug and tag it with "sec-guide". The option for tags is available under "Extra options".
- Review / edit OSSNs
  - https://wiki.openstack.org/wiki/Security/Security_Note_Process
  - https://launchpad.net/ossn
QA / Automation / Software Development Engineer in Test (SDET)
- Add security testing to current test suites
- Add security tests to OS projects
- Learn to identify and file Security Bugs
- Identify open bugs and/or report security bugs that you can work on to learn a project (we recommend starting with just one project before branching out too much)
  - Compute (Nova): https://bugs.launchpad.net/nova
  - Object Storage (Swift): https://bugs.launchpad.net/swift/
  - Image Service (Glance): https://bugs.launchpad.net/glance
  - Identity (Keystone): https://bugs.launchpad.net/keystone
  - Dashboard (Horizon): https://bugs.launchpad.net/horizon
  - Networking (Neutron): https://bugs.launchpad.net/neutron
  - Block Storage (Cinder): https://bugs.launchpad.net/cinder
  - Common Code (Oslo): https://bugs.launchpad.net/oslo
Other Tasks
- Create / update common OSSG presentation slides