Thanks all.

I will be able to go through the guidance Anand provided next week ASAP.  

If there is anything else that should be done on our side for onboarding(or anything we could help with), please feel free to let me know.
 
--
Jeremy Choi / Red Hat Product Security


On Sat, Jan 22, 2022 at 6:19 AM Karsten Wade <kwade@redhat.com> wrote:
Yes, I included onboarding as a purview of SIG-Community, at least until we form SIG-Onboarding. :D

Having RapiDAST as our first new community connecting since the new governance is a great way to check on what we have and what we need for this.

On Fri, Jan 21, 2022 at 1:03 AM Marcel Hild <mhild@redhat.com> wrote:
Karsten and sig-community, 
while sig-operations can handle the technical onboarding (as Anand did) and also decide if operations of said service should be part of the community cloud platform offering, we should also come up with some process on welcoming and onboarding the RapiDAST community to operate first. Maybe a good discussion topic for the next sig-community meeting

On Fri, Jan 21, 2022 at 7:17 AM Anand Sanmukhani <asanmukh@redhat.com> wrote:
Hey Jeremy, RapiDAST looks like an awesome project! I think it would be a great addition to the list of services deployed in Operate First clusters.

> For onboarding, implementation of an operator and work to get it onboard is yet to be done. Any guidance or references on processes, requirements or implementation will be much appreciated.

To get started, I would suggest you request a namespace with appropriate resources on one of our clusters (the MOC/Smaug cluster should have enough resources available for you). To do so, you can follow the instructions here
Once you get access to a namespace, you can deploy RapiDAST there and work on figuring out the implementation details for the operator. 

Please let us know if the steps listed in the docs don't work for you, we are constantly trying to improve on our documentation and any feedback is appreciated.

- Anand

On Fri, Jan 21, 2022 at 12:02 AM Jeremy Choi <jechoi@redhat.com> wrote:
Hi all

RapiDAST is made public now at https://github.com/RedHatProductSecurity/rapidast.

RapiDAST is currently providing a framework for automated dynamic scanning against web API. The goal here in terms of OperateFirst is: 

RapiDAST to be running as a service for the community hosted on operate first clusters. Any service running on operate first and any other community service can use RapiDAST to check for security risks in their API.

For onboarding, implementation of an operator and work to get it onboard is yet to be done. Any guidance or references on processes, requirements or implementation will be much appreciated.

Thanks
--
Jeremy Choi / Red Hat Product Security
_______________________________________________
Community mailing list -- community@lists.operate-first.cloud
To unsubscribe send an email to community-leave@lists.operate-first.cloud
_______________________________________________
Community mailing list -- community@lists.operate-first.cloud
To unsubscribe send an email to community-leave@lists.operate-first.cloud
_______________________________________________
Community mailing list -- community@lists.operate-first.cloud
To unsubscribe send an email to community-leave@lists.operate-first.cloud


--
Karsten Wade [he/him/his] | Senior Community Architect | @quaid
Red Hat Open Source Program Office (OSPO) : @redhatopen
The Open Source Way : https://theopensourceway.org
Operate First : https://operate-first.cloud