-
Hi there,
An npm package called 'ing-web' is unrightfully marked as malware: https://github.com/advisories/GHSA-5fx7-hqw3-mg99
However, the malicious code is already removed from the registry for…
-
In practice, that means you won’t need GPG keys and a complicated setup in order to sign your Git commits.
After installing and configuring Gitsign within your project and signing your commits, you w…
-
Originally raised as https://github.com/pypi/warehouse/issues/12244 but they asked me to open it here instead. See that issue for the background.
**What's the problem this feature will solve?**
Ma…
-
- Site: [https://example.com](https://example.com)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 3:
- [https://example.com](https://example.com)
- [http…
-
This issue tracks the PO SSDF items and will also contain more detail for them:
Work that addresses these items can reference this epic issue.
- PO.1.1: Identify and document all security requir…
-
Open Source is everywhere. It is in many proprietary codebases and community projects. For organizations and individuals, the question today is not whether you are or are not using open-source code, b…
-
**Is your feature request related to a problem? Please describe.**
tbd
**High-level Goals**
With the current provenance checking method, we provide some valid to the user, to increase the potenti…
-
**Is your feature request related to a problem? Please describe.**
To improve security of Presidio and to avoid potential supply chain attacks, the project should apply at least one dynamic analysi…
-
### Summary
Hi there! I wonder if scicookie as a cookiecutter template could generate SLSA3 provenance for Python-based build artifacts (the source distribution and wheels) in the template files by d…
-
Hi 👋
I'm Ian, working on behalf of Google and the [Open Source Security Foundation (OpenSSF)](https://openssf.org/) to help open source projects to improve their supply chain security.
After so…