Covers horizontal security initiatives for the Kubernetes project, including regular security audits, the vulnerability management process, cross-cutting security documentation, and security community management.

The charter defines the scope and governance of the Security Special Interest Group.

Joining the mailing list for the group will typically add invites for the following meetings to your calendar.

• Regular SIG Meeting: Thursdays at 9:00 PT (Pacific Time) (biweekly). Convert to your timezone.
  • Meeting notes and Agenda.
  • Meeting recordings.

The Chairs of the SIG run operations and processes governing the SIG.

• Ian Coldwater (@IanColdwater), Twilio
• Tabitha Sable (@tabbysable), Datadog

• Slack: #sig-security
• Mailing list
• Open Community Issues/PRs
• GitHub Teams:
  • @kubernetes/sig-security-leads - SIG Security Leads
  • @kubernetes/sig-security-pr-reviews - SIG Security PR review notifications
• Steering Committee Liaison: Stephen Augustus (@justaugustus)

The following working groups are sponsored by sig-security:

• WG LTS

The following subprojects are owned by sig-security:

Security self assessments for upstream projects

• Owners:
  • kubernetes/sig-security/sig-security-assessments
• Contact:
  • Slack: #sig-security-assessments

Third Party Security Audit

• Owners:
  • kubernetes/sig-security/sig-security-external-audit

Security Documents and Documentation

• Owners:
  • kubernetes/sig-security/sig-security-docs
• Contact:
  • Slack: #sig-security-docs

Development and Enhancements of Security Tooling

• Owners:
  • kubernetes/sig-security/sig-security-tooling
• Contact:
  • Slack: #sig-security-tooling

SIG Security discussions, documents, processes and other artifacts

• Owners:
  • kubernetes/sig-security
• Contact:
  • Slack: #sig-security