-
## What is the proposed Cheat Sheet about?
The CS will provide an overview of SSCS, its relevance to developers, and practical guidance on improving the security of SSCs.
## What security…
-
This issue covers setting up a secure supply chain for all the software we provide, both for Kubernetes and non-Kubernetes use cases.
In particular, #83 has some setup for how we will push a conta…
-
@SantiagoTorres
I would like to suggest the addition of software supply chain tracking criteria to the CII Badge process. The addition of cryptographically signed and validated steps in the softw…
-
SLSA offers:
- A common vocabulary to talk about software supply chain security
- A way to secure your incoming supply chain by evaluating the trustworthiness of the artifacts you consume
- An ac…
-
from @ewels
Seeing more and more people ask about SBOM documents for pipelines / containers (software bill of materials). It looks like Trivy can generate SBOMs. Is this something that we could get …
-
During the specification meeting, when reviewing the Terms and Definitions, it was called out that the usage of "provenance" is very specific to NIST and differs from the SLSA, etc. definition. While th…
-
Jira ticket: https://cncfservicedesk.atlassian.net/browse/CNCFSD-2006
Help design and implement a page on the tag security site to interactively list software supply chain security tools.
-
## Date
Thursday 20 Jun 2023 - 09:00 EST / 14:00 UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are responsibl…
-
I am just proposing an expanded definition for d3f:SourceCode...
```turtle
:SourceCode a owl:Class,
owl:NamedIndividual,
:ReferenceType ;
rdfs:label "Source Code" ;
sko…
```