-
Based on the best practices site, is there a section where we can add a reference implementation of the architecture of what the best practices would look like in software supply chain security? We h…
-
https://www.youtube.com/watch?v=7LFftXcw1jA&list=PLjxrf2q8roU3LvrdR8Hv_phLrTj0xmjnD&index=3
-
### Application contact emails
ravi@chamarthy.dev
rchincha@cisco.com
### Project Summary
a vendor-neutral OCI-native container image builder
### Project Description
Software supply cha…
-
As a development process developer, the software supply chain integrity of the Superfluid development process should be improved for JavaScript projects (incl. Node.js, TypeScript) to improve maintainability a…
-
### Feature description
Generate a software-bill-of-materials (SBOM) supply-chain security artifact in CI.
### Value and/or benefit
Improve supply-chain security by generating an SBOM artifact in CI…
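As an added illustration of what such a CI job produces (example code written for this page, not the issue author's or any project's implementation): a minimal CycloneDX SBOM generator for an npm lockfile. It reads the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3), derives a package URL (purl) per dependency, and carries the lockfile's subresource-integrity hash into the SBOM so a consumer can later verify the fetched tarballs. The lockfile below is constructed for the example; its integrity values are computed over fake tarball bytes.

```python
"""Minimal CycloneDX SBOM generator for npm lockfiles (lockfileVersion 2/3).

Added example, not the issue author's or any project's code. Assumes the
package-lock.json "packages" map layout: key "" is the root project, other
keys are "node_modules/<name>" paths, nested as "node_modules/a/node_modules/b".
"""
import base64
import hashlib
import json
from urllib.parse import quote


def _sri(data: bytes) -> str:
    """Subresource-integrity string as npm writes it: 'sha512-<base64 digest>'."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


# Constructed lockfile (not from a real project); integrity values are computed
# over fake tarball bytes so that the hash conversion below is checkable.
SAMPLE_LOCK = {
    "name": "example-app",
    "version": "1.0.0",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0",
             "dependencies": {"left-pad": "^1.3.0", "@babel/core": "^7.0.0"},
             "devDependencies": {"typescript": "^5.0.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": _sri(b"fake left-pad tarball"),
        },
        "node_modules/@babel/core": {
            "version": "7.23.0",
            "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.23.0.tgz",
            "integrity": _sri(b"fake babel core tarball"),
        },
        # Nested dependency: the key keeps the full path, the name is the
        # segment after the last "node_modules/".
        "node_modules/@babel/core/node_modules/semver": {
            "version": "6.3.1",
            "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
            "integrity": _sri(b"fake semver tarball"),
        },
        "node_modules/typescript": {
            "version": "5.3.3",
            "dev": True,
            "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.3.3.tgz",
            "integrity": _sri(b"fake typescript tarball"),
        },
    },
}

_SRI_ALGS = {"sha1": "SHA-1", "sha256": "SHA-256", "sha384": "SHA-384", "sha512": "SHA-512"}


def package_name(lock_key: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    return lock_key.rsplit("node_modules/", 1)[1]


def npm_purl(name: str, version: str) -> str:
    """purl for an npm package; a scoped name puts '@scope' in the namespace, percent-encoded."""
    if name.startswith("@"):
        scope, bare = name.split("/", 1)
        return f"pkg:npm/{quote(scope, safe='')}/{bare}@{version}"
    return f"pkg:npm/{name}@{version}"


def integrity_to_hash(integrity: str) -> dict:
    """Convert an SRI string 'sha512-<base64>' into a CycloneDX hash object (hex digest)."""
    alg, b64 = integrity.split("-", 1)
    return {"alg": _SRI_ALGS[alg], "content": base64.b64decode(b64).hex()}


def lockfile_components(lock: dict, include_dev: bool = False) -> list:
    """One CycloneDX component per installed package; dev dependencies are skipped unless asked for."""
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("only lockfileVersion 2 and 3 carry the 'packages' map")
    components = []
    for key, entry in lock["packages"].items():
        if key == "":  # the root project itself, described under metadata instead
            continue
        if entry.get("dev") and not include_dev:
            continue
        name = package_name(key)
        comp = {"type": "library", "name": name, "version": entry["version"],
                "purl": npm_purl(name, entry["version"])}
        if "integrity" in entry:
            comp["hashes"] = [integrity_to_hash(entry["integrity"])]
        if "resolved" in entry:
            comp["externalReferences"] = [{"type": "distribution", "url": entry["resolved"]}]
        components.append(comp)
    return components


def build_cyclonedx(lock: dict, include_dev: bool = False) -> dict:
    """Assemble a CycloneDX 1.4 JSON document for the lockfile's root project."""
    root = lock["packages"][""]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "metadata": {"component": {"type": "application",
                                   "name": root["name"], "version": root["version"]}},
        "components": lockfile_components(lock, include_dev),
    }


if __name__ == "__main__":
    # In CI this output would be written to a file and uploaded as a build artifact.
    print(json.dumps(build_cyclonedx(SAMPLE_LOCK), indent=2))
```

The point of keeping the SRI hash rather than only the version is that a downstream consumer can check the tarball it resolves against the digest recorded at build time; a version string alone does not pin bytes.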
-
Implement a Scorecards supply-chain security job within the CI/CD pipeline to systematically evaluate and score the security postures of all dependencies in the software supply chain. This job will ut…
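To make concrete what "evaluate and score the security postures of all dependencies" can mean as a gate, here is an added example (written for this page, not the issue author's or the Scorecard project's code) that applies a policy to Scorecard results for several dependency repositories. It assumes the JSON shape of `scorecard --format json` output: a top-level `repo`, an aggregate `score`, and a `checks` list of `{"name", "score", "reason"}` entries, where a check score of -1 means Scorecard could not reach a conclusion. The reports and scores below are constructed, not real results.

```python
"""Policy gate over OpenSSF Scorecard JSON results for a set of dependencies.

Added example, not the issue author's or the Scorecard project's code. Assumes
Scorecard's JSON output shape (top-level "repo", "score", "checks"); a check
score of -1 (inconclusive) is handled separately from a genuinely low score.
"""
import sys
from dataclasses import dataclass, field

# Constructed reports shaped like Scorecard JSON output (scores are invented).
SAMPLE_REPORTS = [
    {"repo": {"name": "github.com/example/good-lib"}, "score": 8.2,
     "checks": [
         {"name": "Dangerous-Workflow", "score": 10, "reason": "no dangerous workflow patterns detected"},
         {"name": "Token-Permissions", "score": 9, "reason": "tokens are read-only"},
         {"name": "Pinned-Dependencies", "score": 8, "reason": "most dependencies pinned"},
         {"name": "Vulnerabilities", "score": 10, "reason": "no vulnerabilities found"},
         {"name": "Signed-Releases", "score": -1, "reason": "no releases found"},
     ]},
    {"repo": {"name": "github.com/example/risky-lib"}, "score": 4.1,
     "checks": [
         {"name": "Dangerous-Workflow", "score": 0, "reason": "script injection with untrusted input"},
         {"name": "Token-Permissions", "score": 0, "reason": "write-all permissions"},
         {"name": "Pinned-Dependencies", "score": 2, "reason": "GitHub actions not pinned"},
         {"name": "Vulnerabilities", "score": 7, "reason": "1 vulnerability detected"},
         {"name": "Signed-Releases", "score": 5, "reason": "some releases unsigned"},
     ]},
]


@dataclass
class Policy:
    """Floors below which the pipeline fails; thresholds here are illustrative."""
    min_aggregate: float = 5.0
    min_check: dict = field(default_factory=lambda: {
        "Dangerous-Workflow": 10,   # any dangerous pattern is a hard stop
        "Token-Permissions": 7,
        "Pinned-Dependencies": 5,
        "Vulnerabilities": 9,
        "Signed-Releases": 5,
    })
    # Whether an inconclusive (-1) result for a policed check fails the gate.
    fail_on_inconclusive: bool = False


@dataclass
class Violation:
    repo: str
    check: str
    score: float
    reason: str


def evaluate_report(report: dict, policy: Policy) -> list:
    """Return every policy violation in one dependency's Scorecard report."""
    repo = report["repo"]["name"]
    violations = []
    if report["score"] < policy.min_aggregate:
        violations.append(Violation(repo, "aggregate", report["score"], "aggregate score below floor"))
    for check in report["checks"]:
        floor = policy.min_check.get(check["name"])
        if floor is None:  # check not policed
            continue
        score = check["score"]
        if score == -1:
            # Inconclusive: Scorecard could not evaluate (e.g. no releases to inspect).
            if policy.fail_on_inconclusive:
                violations.append(Violation(repo, check["name"], score, check["reason"]))
            continue
        if score < floor:
            violations.append(Violation(repo, check["name"], score, check["reason"]))
    return violations


def gate(reports: list, policy: Policy) -> dict:
    """Map repo name -> violations; an empty dict means the pipeline may proceed."""
    result = {}
    for report in reports:
        found = evaluate_report(report, policy)
        if found:
            result[report["repo"]["name"]] = found
    return result


if __name__ == "__main__":
    failures = gate(SAMPLE_REPORTS, Policy())
    for repo, found in failures.items():
        for v in found:
            print(f"FAIL {repo}: {v.check} scored {v.score}: {v.reason}")
    sys.exit(1 if failures else 0)
```

Treating -1 as its own case matters in practice: a dependency with no releases is not the same as one with unsigned releases, and collapsing both into "below threshold" makes the job either noisy or silently lenient depending on which way you round.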
-
### Tool or Product name
Polaris Software Integrity Platform
### Open Source or Proprietary
proprietary
### Company or Organization name
Synopsys
### Organization or Company Logo Usage
- [X] Al…
-
See this guide https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
It may be useful to map our checks to this framework
-
Been listening to a [Software Supply Chain Security talk](https://www.youtube.com/watch?v=V3SrFyMxmq4&ab_channel=CloudNativeRejekts). It might be a nice-to-have now, but I think sooner or later we'll…
-
## 📚 Context
### Problem:
Currently, there is a lack of visibility into the build process and contents of Docker images used in the project. This makes it challenging to assess the security ris…