-
## Vulnerabilities found for argoexec:3.4.16
```
For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project t…
-
I suggest we generate [OpenSSF Scorecards](https://securityscorecards.dev/) for each project we add to PQCA (and consider the same for open-quantum-safe - I can open there)
We are offering assets in th…
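One way to act on the Scorecard reports proposed above is to gate on them in CI. The following is an added example, not code from PQCA, open-quantum-safe or the Scorecard project. It assumes the shape of `scorecard --format=json` output (a top-level `score` plus a `checks` list whose entries carry `name`, `score` and `reason`, with `-1` marking a check that could not be evaluated); the sample document and the per-check thresholds are constructed for illustration.

```python
"""Policy gate over OpenSSF Scorecard JSON output (added example).

Assumes the shape of `scorecard --format=json` output: a top-level "score"
and a "checks" list of {"name", "score", "reason"} objects. The sample below
is constructed, not a real scan result.
"""
import json

# Constructed sample in the shape of `scorecard --format=json` output.
SAMPLE_SCORECARD_JSON = """
{
  "date": "2024-01-01",
  "repo": {"name": "github.com/example-org/example-repo", "commit": "0123456789abcdef"},
  "scorecard": {"version": "v4.13.1", "commit": "fedcba9876543210"},
  "score": 6.8,
  "checks": [
    {"name": "Binary-Artifacts", "score": 10, "reason": "no binaries found in the repo"},
    {"name": "Branch-Protection", "score": 3, "reason": "branch protection is not maximal on development and all release branches"},
    {"name": "Pinned-Dependencies", "score": 2, "reason": "dependency not pinned by hash detected"},
    {"name": "Signed-Releases", "score": -1, "reason": "no releases found"},
    {"name": "Token-Permissions", "score": 9, "reason": "detected GitHub workflow tokens with excessive permissions"}
  ]
}
"""

# Checks a supply-chain policy treats as blocking, with the minimum score
# required for each. Hypothetical thresholds chosen for this example.
REQUIRED_CHECKS = {
    "Binary-Artifacts": 10,
    "Branch-Protection": 5,
    "Pinned-Dependencies": 5,
    "Token-Permissions": 8,
}


def evaluate_scorecard(raw_json, min_total=7.0, required=REQUIRED_CHECKS):
    """Return (passed, findings) for one Scorecard JSON document.

    A required check produces a finding if it is missing from the results,
    if Scorecard could not evaluate it (score -1), or if its score is below
    the policy minimum. The aggregate score is checked against min_total.
    """
    data = json.loads(raw_json)
    findings = []

    total = data.get("score", -1)
    if total < min_total:
        findings.append(f"aggregate score {total} below minimum {min_total}")

    by_name = {c["name"]: c for c in data.get("checks", [])}
    for name, minimum in required.items():
        check = by_name.get(name)
        if check is None:
            findings.append(f"{name}: not present in results")
            continue
        score = check.get("score", -1)
        reason = check.get("reason", "no reason given")
        if score < 0:
            # -1 means inconclusive; flag it rather than silently passing.
            findings.append(f"{name}: not evaluated ({reason})")
        elif score < minimum:
            findings.append(f"{name}: score {score} below minimum {minimum} ({reason})")

    return (not findings, findings)


if __name__ == "__main__":
    ok, problems = evaluate_scorecard(SAMPLE_SCORECARD_JSON)
    print("PASS" if ok else "FAIL")
    for p in problems:
        print(" -", p)
```

On the constructed sample the gate fails on the aggregate score, Branch-Protection and Pinned-Dependencies; Signed-Releases is reported as inconclusive by Scorecard, so it only becomes a finding if it is added to the required set, which is the behaviour you want for checks that silently return -1 on repositories without releases.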
-
**Objective**: Assess additional frameworks raised in the [7/26 SLSA Positioning SIG meeting](https://docs.google.com/document/d/1tpPOXVzNSwtpWA7cXhTPLAO6HIP50obUvoP85XqgVHM/edit#).
**Outcomes*…
-
## Vulnerabilities found for katib-ui:v0.17.0
```
For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project …
-
## Vulnerabilities found for suggestion-goptuna:v0.17.0
```
For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in you…
-
### Supply chain issues
Security is as strong as the weakest link.
### OSS Supply chain attacks are real:
https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises
### …
-
**Is your feature request related to a problem? Please describe.**
Open-source supply-chain attacks are [increasing every year][sonatype]. Beyond the infamous [SolarWinds][solarwinds] and [Codecov][c…
-
**User Story**
As a cluster operator, I want to know the list of dependencies Cluster API brings for assurance within our organisation's software supply chain.
**Detailed Description**
* Cr…
-
Adding semantics to PTEL for rotation and transfer.
- Two additional semantics
- Rotation (non-cooperative transfer)
- Control stays within the same KEL and the same TEL
- Use case: as…
-
### What is the problem this feature will solve?
Recent malicious supply chain attacks have seen binary files slipped into a package (as test files in that case) that served as an attack vector. Coul…