-
## Date
_day-of-week_ DD MMM yyyy - _time_ EST / _time_ UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are res…
-
See this guide https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
It may be useful to map our checks to this framework
-
Description: Create a mapping from various open source tools to the supply chain security whitepaper. I have an initial draft of a spreadsheet available [here] (https://docs.google.com/spreadsheets/d/…
-
Hello,
We are considering using the project inside our company. However, our Security Team asked us do to a review on the project security, using scorecards like https://scorecard.dev/viewer/?uri=g…
-
**Github username:** --
**Twitter username:** --
**Submission hash (on-chain):** 0x5ad0f3bda268d9823484d3daaf55a1f34a7ba6371ed7e47b652a10d2adc43005
**Severity:** high
**Description:**
**Description*…
-
Coming here from the results of a supply chain security analysis of this repository that we Orijtech Inc engaged Chainguard Inc, to perform on behalf of the Cosmos ecosystem. The report is at https://…
-
This issue covers setting up a secure supply chain for all the software we provide, both for Kubernetes and non-Kubernetes use cases.
In particular, #83 has some setup for how we will push a conta…
-
### Type
Suggestions for Improvement
### What would you like to report?
**Context**
One of the parts of the supply chain in modern ML systems is MLOps software - like i.e. MLFlow, Prefect et…
mik0w updated
2 months ago
-
@SantiagoTorres
I would like to suggest the addition of software supply chain tracking criteria to the CII Badge process. The addition of cryptographically signed and validated steps in the softw…
-
## Overview
See https://github.com/cncf/tag-security/issues/1025
We are in the process of implementing supply chain security best practices in the Kubescape project.
The first phase of this pr…