Could you provide a link to a resource that fulfills the following requirement of the Incubating Stage - "Clearly documented security processes explaining how to report security issues to the project, and describing how the project provides updated releases or patches to resolve security vulnerabilities". Thanks!

Hi @Jenniferstrej please find our security process here https://github.com/keptn/keptn/blob/master/SECURITY.md and our published vulnerability bulletins can be found here https://keptn.sh/docs/news/vulnerability_bulletins/

Due diligence document: https://docs.google.com/document/d/14qFAc6kxhWX_JLMUKddgELcymaRw6jmhsq0OYxrHtc0/edit#

I will be TOC sponsor. Will begin post Kubecon

Hi @cdavisafc! Just to follow up on the emails I've sent, I will be coordinating this proposal on the Keptn community side. It would be great to sync-up with you and check the current status together. I see the formal incubation requirements but I'm not yet familiar with the CNCF practices

Just a few updates to address the topics brought up during the previous conversations with the TOC:

• Adoption. Growing Keptn adoption is our priority and my main responsibility at Dynatrace. Currently we have 14 company adopters whose names we can share. We also have 64 running Keptn Instances regularly receiving updates from the public update centers, there are also airgapped instances. There are multiple other companies evaluating Keptn now.
• Roadmap. We updated the Keptn Roadmap to include initiatives beyond project features. Now the roadmap includes user and developer community growth initiatives, as well as other items like onboarding documentation and messaging updates. We are adjusting the feedback based on feedback from the adopters, and we use Keptn user group meetings to collect feedback from users on the current state and the roadmap.
• Ecosystem. We extend integrations with other CNCF projects, including but not limited to Helm, Prometheus, CloudEvents, OpenTelemetry, Crossplane. We introduced generic Webhook and Job Executor services to enable custom integrations created by users. We also contribute to the Continuous Delivery Foundation Events SIG that is working on the CD Events standard based on CloudEvents. All these initiatives allow to facilitate Keptn adoption and to provide seamless integration into environment following the CNCF best practices.
• Sustainability. We prioritized Keptn long-term sustainability, and we are committed to fostering a diverse and vendor neutral community. Effective January, there will be a non-Dynatrace core maintainer in the project. We are also working on onboarding more contributors from other companies. We adjust community processes to enable other companies and vendors to participate. Hopefully, we will have another Keptn vendor joining the community by Kubecon.
• Security. Keptn’s 3rd party security audit by the CNCF partner is scheduled to February. I am also working on making available results of the internal audit and aligning the security processes with the standards defined in the Core Infrastructure Initiative requirements. We also work on strengthening the projects security, including the ongoing work on RBAC support in the project. See KEP-60: KEP 60 - Role-based Access Control (RBAC) keptn/enhancement-proposals#60

Appreciated guys! Thanks for the open source SRE tool