-
NatWest Group is running an **Open Source Supply Chain Security** “FINOS Members + Limited Guests, Chatham House Rule” roundtable, to celebrate OSFF London, on behalf of the FINOS DevOps Automation SI…
-
### Description of the feature request:
When troubleshooting past invocations, it might be useful to know which dependencies were used in the invocation: information like which version was used, any…
-
@SantiagoTorres
I would like to suggest the addition of software supply chain tracking criteria to the CII Badge process. The addition of cryptographically signed and validated steps in the softw…
-
## Date
_day-of-week_ DD MMM yyyy - _time_ EST / _time_ UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are res…
-
## Overview
See https://github.com/cncf/tag-security/issues/1025
We are in the process of implementing supply chain security best practices in the Kubescape project.
The first phase of this pr…
-
Posture:
* https://www.googlecloudcommunity.com/gc/Community-Blog/Monitoring-for-Suspicious-GitHub-Activity-with-Google-Security/ba-p/763610
* https://sharpletters.net/2023/02/26/examining-github-se…
-
In light of the `xz` attack:
* https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
audit the opentelemetry-cpp repository for possib…
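One concrete audit the `xz` incident motivates is checking that a release tarball contains nothing that is not in the tagged source tree: the malicious `build-to-host.m4` was shipped only in the distributed tarball, not in the git repository. The following script is an added example, not part of the issue or of the opentelemetry-cpp project; it assumes a tarball with a single top-level directory and a POSIX `tar`, `find`, `sort` and `comm`.

```shell
#!/bin/sh
# Added example, not from the issue or the project: list files that are present
# in a release tarball but absent from the tagged source checkout. Any hit
# (generated configure scripts, m4 macros, "vendored" blobs) is something the
# release pipeline added outside version control and deserves a manual look.
# Assumptions: the tarball has one top-level directory (pkg-VERSION/), and
# POSIX tar/find/sort/comm are available.

tarball_only_files() {
    tarball="$1"
    srcdir="$2"
    tmp=$(mktemp -d) || return 1
    # Byte-wise collation so sort and comm agree regardless of the user locale.
    LC_ALL=C
    export LC_ALL

    # Tarball members: drop directory entries (trailing "/") and strip the
    # leading "pkg-VERSION/" component so paths are comparable to the checkout.
    tar -tf "$tarball" \
        | grep -v '/$' \
        | sed 's#^[^/]*/##' \
        | sort -u > "$tmp/tar.lst"

    # Regular files in the source tree, relative to its root.
    (cd "$srcdir" && find . -type f | sed 's#^\./##' | sort -u) > "$tmp/src.lst"

    # Lines only in the first file: shipped in the tarball, missing from git.
    comm -23 "$tmp/tar.lst" "$tmp/src.lst"
    rm -rf "$tmp"
}

# Usage: ./audit-tarball.sh pkg-1.0.tar path/to/git/checkout-at-tag
if [ $# -eq 2 ]; then
    tarball_only_files "$1" "$2"
fi
```

Run it against a checkout of the exact release tag (`git checkout v1.0` or similar) rather than the default branch, otherwise ordinary post-release commits show up as false negatives in the comparison. A non-empty result is not proof of compromise, but every listed file should be explainable by the documented release process.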
-
See this guide https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
It may be useful to map our checks to this framework
-
see: https://github.com/slsa-framework/slsa-github-generator/blob/3d27f18a67e12a251517ca9af35771a93da39526/internal/builders/generic/README.md
see: https://security.googleblog.com/2022/04/improving-so…