-
When pushing an OCI artifact, users often need the digest immediately to proceed with signing workflows or for downstream automation. Both docker push and oras push output the digest as part of their …
-
Before I begin, here's some supplementary reading material. I'll try to make this feature request make sense without reading any of this material, but in case I fail this should fill in any of the gap…
-
## Date
_Tuesday_ 18 June 2034 - _9am_ EST / _time_ UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are respons…
-
This item includes topics of supply chain management based on the preliminary template https://ot.owasp.org/the-top-10/template/
That includes SLAs and patch management, which is typically not done…
-
* **Title**: Mr
* **Speaker**: Jonathan Campbell
* **Type**: (Presentation 30-45 mins | Lightning Talk 5-10 mins) Presentation / Discussion
* **Level**: (basic | standard | advanced) TBC
* **Tags…
-
# Signing ML Artifacts: Building towards tamper-proof ML metadata records
**Authors:**
* Mihai Maruseac
* Daniel Major
* Eoin Wickens
## **Summary**
Cryptographic signing is widely used th…
-
Description: what's your idea?
After discussion with the Confidential computing project, it seems like there is an opportunity for collaboration to provide guidance for projects to create a confide…
-
Currently Cosign can be installed manually by downloading a .deb from the Releases, however this is a single, point in time version.
Feature request: Add support for installing Cosign through Ubun…
-
Coming here from the results of a supply chain security analysis of this repository that we Orijtech Inc engaged Chainguard Inc, to perform on behalf of the Cosmos ecosystem. The report is at https://…
-
NatWest Group is running an **Open Source Supply Chain Security** “FINOS Members + Limited Guests, Chatham House Rule” roundtable, to celebrate OSFF London, on behalf of the FINOS DevOps Automation SI…