-
-
Each step of the hermes workflow produces output files in the `.hermes` directory. Most of these are either not valid JSON-LD, or contain errors (e.g., switching up authors and their email addresses).…
-
## Challenge Description
When
* starting a new project, or
* moving an existing project into another domain, or
* maintaining your project for a long period of time,
you somehow need to f…
-
## Background
Now different attesters in [cc-KBC](https://github.com/confidential-containers/attestation-agent/tree/main/src/kbc_modules/cc_kbc/attester) (like [tdx](https://github.com/confidential…
-
during the specification meeting, when reviewing the Terms and Definitions, it was called out that the usage of "provenance" is very specific to NIST and differs from the SLSA,etc definition. while th…
-
Revert some changes from https://github.com/beda-software/aidbox-sdc/commit/b0bb3838f59b880a2c0720a55bbf2dcc7584b030
We decided to revert it because it can lead to potential bugs connected to cha…
-
As part of improving supply chain security, [SLSA](https://slsa.dev) provides a framework to guarantee the integrity of software artefacts, with different levels of compliance.
One of the main conc…
-
This sort of relates to Issue opencadc/caom2#66 and the question of cardinality.
Planes are often produced from an ensemble of software, not a single application. In the case of ALMA MS data, in…
-
> **NOTE:** this issue was initially posted on the https://github.com/slsa-framework/slsa-github-generator repo and transferred here without modification.
Hello :wave:
Not really an issue but ra…
-
### Summary
All reports published by security companies prove that Software Supply Chain Attacks are on the rise. There is no doubt that they will continue to increase in the coming years. With this …