-
Users of Taquito would like assurance that Taquito packages are secure and untampered via software supply chain attacks
**Describe the solution you'd like**
Investigate the use of [sigstore.dev …
-
This PR is for rough ideas on topics and structuring of the book.
- Introduction
- Why security for research software?
- Credentials
- Managing credentials in code
- Time limited access…
-
**Is your feature request related to a problem? Please describe.**
Adding a software bill of materials ([SBOM](https://en.wikipedia.org/wiki/Software_supply_chain)) has several advantages:
- Pos…
-
# Feature Request
### System information
ONNX version (you are using): v1.11.0
### What is the problem that this feature solves?
Signing of software artifacts has now become a standard in secu…
-
It appears that GitLab can provide dependency lists for projects https://docs.gitlab.com/ee/user/application_security/dependency_list/.
See:
- https://gitlab.com/gitlab-org/gitlab/-/blob/master/e…
-
### Summary
Hi there! I wonder if scicookie as a cookiecutter template could generate SLSA3 provenance for Python-based build artifacts (the source distribution and wheels) in the template files by d…
-
ARM architecture is making enormous strides in the software-defined datacenter environment. Specifically, hyperscale cloud providers are looking at ARM architecture as a way to diversify the CPU supply …
-
**❗ please do not add sensitive information in issues, you can provide extra information via email using issue number as reference ❗**
**Describe the issue**
I would like to provide an SBOM softwa…
-
Dependency Management is a hot topic for the software supply chain these days. It would be nice to have a dedicated category for that. It could include both dependency update automation (Dependabot, R…
-
Security is of critical importance to Adoptium in order to maintain the trust of its community in the integrity of the work that it does. There are evolving market requirements for software providers …