Rohan Krishnamurthy (Github-Handle: @RoKrish14) has made an impact on setting up of sig-security under the Eclipse Tractus-X.
Rohan is an active member of the SIG-security team. His primary role is to manage tasks such as code reviews as a security expert and providing support to keep the automation of security tools up and running that are mandated as part of TRG 8.0 Security (https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/681).
Furthermore, with the role as a committer, he would also be extending his support with access to security tab.
Contribution to SIG-security
1. New Template and announcements by RoKrish14 · https://github.com/eclipse-tractusx/sig-security/pull/48
2. Updates to SIG-security by RoKrish14 · https://github.com/eclipse-tractusx/sig-security/pull/65
3. eclipse-tractusx/sig-security · https://github.com/eclipse-tractusx/sig-security/discussions
Support to security tooling
1. [Security Tooling] Digital Product Pass Trivy always failing because of False Positive · https://github.com/eclipse-tractusx/sig-security/issues/44
2. feat: dast scan integration by wolf4ood · https://github.com/eclipse-tractusx/tractusx-edc/pull/1072
3. ci(owasp-dast): added workflow for DAST by tom-rm-meyer-ISST · https://github.com/eclipse-tractusx/puris/pull/252#pullrequestreview-18…
4. docs: publish Dependabot TRG by tomaszbarwicki · https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/659
5. chore: add automated DAST scanning (courtesy of @RoKrish14). by drcgjung · https://github.com/eclipse-tractusx/knowledge-agents/pull/90
6. SAST Scans using CodeQl by RoKrish14 · https://github.com/eclipse-tractusx/bpdm/pull/794
7. SAST Scans using CodeQL by RoKrish14 · https://github.com/eclipse-tractusx/bpdm-certificate-management/pull/73
Support towards release planning:
His contributions during release planning were evident as he proactively reached out to relevant contacts and guided the approvals for security scans for versions 23.12 and 24.03. His commitment extends to the upcoming release of the version 24.05.
Security open-hour meeting:
Additionally, he will moderate the bi-weekly Security Open-Hour meetings, facilitating discussions on security-related topics.
It is my pleasure to nominate Rohan as a committer on Eclipse Tractus-X.
| Voter | Vote | Comments |
|---|---|---|
| Siegfried Kiermayer | +1 | +1 implied by nomination |
| Enrico Risa | +1 | |
| James Marino | +1 | |
| Jaro Hartmann | +1 | |
| Evelyn Gurschler | 0 | General tendency for +1, but having a hard time due to approval (without any comment addressing it) of PR https://github.com/eclipse-tractusx/tractusx-edc/pull/1072 with DEPENDENCIES file containing restricted dependencies |
| Muhammad Saud Khan | +1 | |
| Sujit Karne | +1 | |
| Gábor Almádi | +1 | |
| Mathias Brunkow Moser | +1 | I am in favor to his election, we need good committers that can manage the security of our repositories! He manages really good the open source tools and security tab at the github respository. You get my +1 specially for the open source collaboration with us when we had a problem in our repository Trivy Scan: https://github.com/eclipse-tractusx/sig-security/issues/44 Also he collaborates in the Matrix chat, which is important for working open source: https://chat.eclipse.org/#/room/!oXNwXGsvkbDUMiQhms:matrix.eclipse.org/$SoXUHepwJf2ze_CteUUQKWLfZtWplMSAmS1P3RzAg9Y?via=matrix.eclipse.org&via=matrix.org&via=beeper.com |
| Malte Hellmeier | 0 | Sometimes, the DEPENDENCIES files aren't up to date. |
| Sebastian Bezold | +1 | The list of contributions is a bit "thin", but I can see, that with focus on the security role, you cannot make everything public. I'm especially happy about him moderating the Security Office Hours and being available for the general Office hour. This further shows, that he cares about the project |
| Martin Rohrmeier | +1 | |
| Tunahan Cicek | +1 | |
| Tuncay Tunc | +1 | |
| Phil Schneider | 0 | |
| Sebastian Scherer | 0 | |
| Fabian Grün | +1 |
PMC Approval
- Harald Mackamul (+1) Welcome!