-
Public Sector CNCF Members are seeing Government Customer focus on securing software supply chains and receiving attestations. These attestations need to be signed and have provenance bridge across mu…
-
Description: what's your idea?
Impact: Describe the customer impact of the problem. Who will this help? How
will it help them?
Scope: How much effort will this take? ok to provide a range of o…
-
Follow up for #70
We should add an SBOM field to artifact events.
The first consumer of this field will be guac.sh.
-
## Suggested agenda
1. Software Defined Vehicle / Eclipse SDV [1] – what will a future software
supply chain look like, and what needs to be expected with OTA-updates in
the vehicles?
2. Cat…
-
### Problem
> Any software can introduce vulnerabilities into a supply chain. As a system gets more complex, it’s critical to already have checks and best practices in place to guarantee artifact i…
-
## What is the proposed Cheat Sheet about?
The CS will provide an overview of SSCS, its relevance to developers, and practical guidance on improving the security of SSCs.
## What security…
-
using OpenSSF best practices
Also create seccomp & apparmor profiles for running in containers securely
-
### Summary
Course that covers the steps to create a secure software supply chain to validate the components at each stage in the development lifecycle of a product.
### Outcome
Learners will be…
-
## Description
The PURIS Mini-App, initially released with standards including ItemStock, DemandExchange, ProductionOutput, and DeliveryInformation in R24.05, is set to receive further enhancements…
-
SLSA offers:
- A common vocabulary to talk about software supply chain security
- A way to secure your incoming supply chain by evaluating the trustworthiness of the artifacts you consume
- An ac…