-
### Organization Name
World Kinect Corporation
### Organization Website
https://world-kinect.com
### Organization Logo (optional)
https://avatars.githubusercontent.com/u/43382006?s=400&u=c45feb70…
-
from @ewels
Seeing more and more people ask about SBOM documents for pipelines / containers (software bill of materials). It looks like Trivy can generate SBOMs. Is this something that we could get …
-
I am just proposing an expanded definition for d3f:SourceCode...
```turtle
:SourceCode a owl:Class,
owl:NamedIndividual,
:ReferenceType ;
rdfs:label "Source Code" ;
sko…
```
-
### Application contact emails
ravi@chamarthy.dev
rchincha@cisco.com
### Project Summary
a vendor-neutral OCI-native container image builder
### Project Description
Software supply cha…
-
## Date
Thursday 20 Jun 2023 - 09:00 EST / 14:00 UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are responsibl…
-
Since 2013, A9 has been a single risk in a domain where there are hundreds of potential risks, many of which impact security.
IMO, "Using components with known vulnerabilities" is too specific and …
-
Based on the best practices site, is there a section where we can add in reference implementation of the architecture of what the best practices would look like in software supply chain security. We h…
-
https://www.youtube.com/watch?v=7LFftXcw1jA&list=PLjxrf2q8roU3LvrdR8Hv_phLrTj0xmjnD&index=3
-
As a development process developer, software supply chain integrity of Superfluid development process should be improved for JavaScript projects (inc. Node.js, TypeScript) to improve maintainability a…
-
See this guide https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
It may be useful to map our checks to this framework