-
Only want to know if the project is still alive, or does anybody know some more state-of-the-art alternatives with active community support? :) - Coming from OWL Carousel (used many years ago for on…
-
## Request Summary:
Open Source Module Supply Chain attacks pose a real risk to the community:
For example: https://www.zdnet.com/article/corrupted-open-source-software-enters-the-russian-battl…
-
Cross reference with https://discuss.scientific-python.org/t/spec-8-supply-chain-security/1163
Copying from @tupui's original post there, areas of focus could be:
* [OpenSSF 4](https://openssf.o…
-
## Date
_Tues_ 23 July 2024 - _10am_ EST / _time_ UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are responsib…
-
**Describe the bug**
The CISA SCRM framework does not show the questions, while they exist in the xlsx file in 'tools/cisa/'.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to 'Framewor…
-
Ensure supply chain security for code/package repositories (e.g. hex.pm)
-
As [reported in the media](https://thehackernews.com/2024/06/over-110000-websites-affected-by.html), the original polyfill.js CDN has been serving malware.
https://github.com/albertcht/invisible-re…
-
When pushing an OCI artifact, users often need the digest immediately to proceed with signing workflows or for downstream automation. Both docker push and oras push output the digest as part of their …
-
Today, opentelemetry-cpp was the target of an attack in the form of:
* a PR, that wants to add binary files (a .zip) and shell scripts in the repo
This PR is deleted already, audit trail shows:
```
File C…
```
-