-
Adding Pandoc version used in our tool as API endpoint info
Possible solutions:
- Add information in RStudio IDE JSON https://www.rstudio.com/wp-content/downloads.json
- Add information in our JSO…
-
### Session description
This session will be a precursor to our upcoming workshop, [Secure the Web Forward](https://www.w3.org/2023/03/secure-the-web-forward/), which aims to increase the overall sec…
torgo updated 12 months ago
-
In practice, that means you won’t need GPG keys and a complicated setup in order to sign your Git commits.
After installing and configuring Gitsign within your project and signing your commits, you w…
-
David Britch pointed out that the topic on security best practices related to managing packages could be better surfaced. I agree. Perhaps linking directly to the actionable steps starting with this…
-
* https://en.wikipedia.org/wiki/List_of_software_package_management_systems
* https://en.wikipedia.org/wiki/Category:Software_distribution_platforms
* https://en.wikipedia.org/wiki/List_of_mobile_so…
-
**Feature request**
Some vulnerabilities are only present if a dependency is brought in directly exposed by direct dependency. In some cases, the vulnerability does not exist if the dependency is a…
-
Currently, the Scudo PURE specifies that every image must have a mapping to the in-toto layout to use to verify its software supply chain. @trishankatdatadog noted in https://github.com/uptane/pures/p…
-
Present Provisioning Infra lets one provision 1. Endorsements (like Trust Anchors) and 2. Reference Values (like Software Components) independently as they could appear from different supply chain a…