-
Should we discuss the situation around polyfill.io?
Subj:
https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-websites-all-you-need-to-know
Background:
https://blog.cloud…
-
### Related Problem
Background: Supply chain attacks are becoming an increasingly common vector for compromise.
Most recently, the open source library xz was compromised via a bad actor who inserted malic…
-
# Signing ML Artifacts: Building towards tamper-proof ML metadata records
**Authors:**
* Mihai Maruseac
* Daniel Major
* Eoin Wickens
## Summary
Cryptographic signing is widely used th…
-
### What's wrong?
Without further customizing, the Grafana Alloy Helm chart spawns the config-reloader pod `ghcr.io/jimmidyson/configmap-reload:v0.12.0`, see [`configReloader` section in values.yaml]…
-
Currently, it is very "leet" code that's hard to inspect. What we need is at least some guarantee that it's side effect free.
https://www.npmjs.com/package/busboy
https://github.com/mscdex/busbo…
-
From OEP-60: https://open-edx-proposals.readthedocs.io/en/latest/processes/oep-0060-proc-sec-group.html#focus-on-proactive-security-improvements
Example of problems: outdated or deprecated dependenci…
-
**Is your feature request related to a problem? Please describe.**
No
**Describe the solution you'd like**
We should highlight some of the supply-chain CVD processes and concerned areas.
**D…
-
## August 20, 2024
_day-of-week_ DD MMM yyyy - _time_ EST / _time_ UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project lead…
-
https://github.com/goreleaser/goreleaser-example-supply-chain
-
File: https://github.com/OpenSourceFellows/amplify/pull/956
_Copilot prompts are in quotes_
- [ ] Check which files are affected "@workspace which files use express and body parser"
- [ ] For each …