-
Implement a Scorecards supply-chain security job within the CI/CD pipeline to systematically evaluate and score the security postures of all dependencies in the software supply chain. This job will ut…
-
Public Sector CNCF Members are seeing Government Customer focus on securing software supply chains and receiving attestations. These attestations need to be signed and have provenance bridge across mu…
-
Updated AWS public resources here reference IRAP/ISM and would improve guidance
https://aws.amazon.com/blogs/security/aws-customer-compliance-guides-now-publicly-available/
Also worth increasi…
adonm updated 4 months ago
-
Now that we have a prototype (related: https://github.com/adoptium/temurin-build/issues/2594), we would like to investigate creating an extension via a popular/standard way of defining the same inform…
-
This issue covers setting up a secure supply chain for all the software we provide, both for Kubernetes and non-Kubernetes use cases.
In particular, #83 has some setup for how we will push a conta…
-
https://www.docker.com/press-release/atomist-acquisition-helps-meet-challenge-of-securing-software-supply-chains-for-development-teams/
-
Hello,
github runner images team here.
We are looking at securing supply chains when adding software to CI images.
Are there checksums available? Or maybe some recommended validation approach.…
-
@SantiagoTorres
I would like to suggest the addition of software supply chain tracking criteria to the CII Badge process. The addition of cryptographically signed and validated steps in the softw…
-
Dear all,
Recently, there have been a number of software supply chain attacks. Basically, malicious persons push malicious code into open-source software:
Spoon is concerned by this problem, bec…
-
We need to perform a stakeholder analysis to outline the key stakeholders and their needs for the project. It is important to have a clear understanding of each stakeholder and what they are expect…