-
**Is your feature request related to a problem? Please describe.**
Industry best standards for software security and software supply chain risk management security are to have a software bill of mater…
-
see: https://github.com/slsa-framework/slsa-github-generator/blob/3d27f18a67e12a251517ca9af35771a93da39526/internal/builders/generic/README.md
see: https://security.googleblog.com/2022/04/improving-so…
-
As time goes by, projects start using new glibc features not present in old versions, hence requiring a newer manylinux baseline version to be defined.
For example:
* https://github.com/openai/tri…
-
# **Background:**
- As per published [v1.0](https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/tree/main/1_0_vulns) of the OWASP Top 10 for Large Language Model Applica…
-
As per discussion https://github.com/open-quantum-safe/boringssl/pull/115#issuecomment-2089779310
- [x] Create CI image(s) with Ubuntu 22 & 24
- [ ] Deploy in CI testing
(- [ ] Create reminder…
-
### Expected Behavior
CI is triggered and run for pull requests created from forks.
### Actual Behavior
CI doesn't run for pull requests created from forks.
See for example [PR#377](https://gi…
-
### Summary
All reports published by security companies prove that Software Supply Chain Attacks are on the rise. There is no doubt that they will continue to increase in the coming years. With this …
-
**Describe the problem**
When you use GNOME Software, it will complain that the RPM package isn't signed. This isn't the end of the world, but it got me thinking about security and resistance to supply…
-
### Summary
Hi there! I wonder if scicookie as a cookiecutter template could generate SLSA3 provenance for Python-based build artifacts (the source distribution and wheels) in the template files by d…
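As an added example, not taken from scicookie, from the generic builder README linked above, or from any of the projects quoted on this page, this is the shape of a GitHub Actions workflow that builds a Python sdist and wheels and then hands their sha256 digests to the slsa-github-generator generic builder, which signs SLSA 3 provenance for them. The workflow name, the Python version, the use of `python -m build`, and the pinned generator tag (`v2.0.0`) are assumptions for illustration; a template should pin whichever tag the project has reviewed.

```yaml
# Added example (not scicookie's template): SLSA 3 provenance for Python
# build artifacts via the slsa-github-generator generic builder.
# Assumptions: `python -m build` writes the sdist and wheels to dist/, and
# the generator tag v2.0.0 is the one the project has audited and pinned.
name: release

on:
  push:
    tags: ["v*"]

permissions: read-all

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: python -m pip install build && python -m build
      # The generic builder expects `sha256sum`-style lines ("<hex>  <file>"),
      # base64-encoded as a single line, so every artifact becomes a subject
      # of the provenance statement.
      - id: hash
        run: |
          cd dist
          echo "hashes=$(sha256sum *.tar.gz *.whl | base64 -w0)" >> "$GITHUB_OUTPUT"
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
          if-no-files-found: error

  provenance:
    needs: [build]
    permissions:
      actions: read    # read the workflow path for the builder identity
      id-token: write  # obtain the OIDC token used to sign via Sigstore
      contents: write  # attach the provenance to the GitHub release
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: "${{ needs.build.outputs.hashes }}"
      upload-assets: true
```

The provenance job must be a reusable-workflow call (`uses:` at the job level) rather than a step, because the generator's SLSA 3 claims depend on the build running in an isolated workflow the calling job cannot influence; hashing the artifacts in the build job and passing only the digests is what keeps the signing job separate from the build. Consumers can then check a downloaded wheel against the published `.intoto.jsonl` with `slsa-verifier verify-artifact <wheel> --provenance-path <file>.intoto.jsonl --source-uri github.com/<org>/<repo>`, with the source URI being the repository that should have produced it.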
-
## Description
To improve supply-chain security and license compliance for the software embedded in a component, we should incorporate a software bill-of-materials (BOM) in the component definition…