-
A number of SW supply chain (SWSC) best practices frameworks have come out of CISA, NIST, and the OpenSSF. This issue tracks the implementation plan for meeting these practices.
Implementing these …
-
https://deps.dev/go/github.com%2Fsmallstep%2Fcli/v0.16.1
dopey updated 3 years ago
-
**Context:**
We are addressing the need to upgrade from `deps.dev/api/v3` to `deps.dev/api/v3alpha` to implement batch querying, which will significantly speed up our runtime as highlighted in https:…
-
## Context
The [OSSF Scorecard](https://github.com/ossf/scorecard) is a standardized metric that measures repository security based on a risk assessment.
This score is currently available as a repo b…
-
RFC to track Governing Board Dependability Pillar 2024 Security Goals
- Zephyr Project shall facilitate product developers to be able to align with security requirements for products as required and…
-
As the maintainer of the source2adoc project,
I want to create a Proof of Concept (PoC) for integrating OpenSSF Scorecard
So that I can evaluate the security and health of the project both locally a…
-
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborating to enhance security pract…
-
We'd like to take on various projects to strengthen our security posture and make our (and our customer's) supply chain secure.
There are some related tasks in here that are not strictly about securi…
-
Now that the MVP exists, let's talk about building/expanding upon it. Some ideas include but are not limited to:
## Front-end
- [x] Timeboxed Reports for Projects (Weekly/Monthly)
- [x] Timeboxed…
-
Hey, I'm Diogo and I've raised the issues #357 and #365 contributing with some security enhancements. I'll happily continue contributing with such improvements (it's literally my job, see [my profile]…