@jpower432 commented on this pull request.


In tags/tag-security-and-compliance/initiatives/cloud-native-security-controls-catalog/README.md:

> +* [Slack channel](https://cloud-native.sl=
ack.com/archives/C09TLL22PK9)
+
+## Planned Milestones
+
+### Milestone 1: CNSC Gemara-compatible Release Process
+
+**Goal:** Convert existing controls into a standardized, machine-readabl=
e format that can automatically generate artifacts in a continuous releas=
e pipeline, such as markdown, PDF, and/or web page.
+
+| **Checkpoint** | **Activity Description**                             =
                                                 |
+|:---------------|:-----------------------------------------------------=
-------------------------------------------------|
+| 1.1            | Parse and format existing controls to a [Gemara](http=
s://gemara.openssf.org/)-based Guidance Document |
+| 1.2            | Set up basic tooling and pipeline for release artifac=
ts                                               |
+
+### Milestone 2: Project-specific Gemara Compatibility Assessment
+
+**Goal:** Determine the value of a longstanding sub-project aimed at cre=
ating technology-specific artifacts, pausing to assess practicality after=
 creating detailed threat catalogs.
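
Review bot: In the Milestone 2 goal, "longstanding sub-project" reads as a sub-project that already exists, while the sentence is about deciding whether to run one; "long-running" or "long-lived" would say that. The Milestone 1 heading also uses "CNSC" without expanding it in the lines shown here, so spell it out on first use. Checkpoint 1.2 ("Set up basic tooling and pipeline for release artifacts") does not say which of the formats named in the goal (markdown, PDF, web page) must be produced for the checkpoint to count as done; naming at least one would make it verifiable.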

I agree. The main output would be resources that could be shared or that could help projects create their own artifacts. I think establishing a sub-project would provide lifecycle management of those resources, where we could add things like additional compliance mappings or help projects adopt the resources.
