-
# **Background:**
- As per the published [v1.0](https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/tree/main/1_0_vulns) of the OWASP Top 10 for Large Language Model Applica…
-
### Is your feature request related to a problem? Please describe.
Should we get a tool to scan the Docker images we build to sniff out any security vulnerabilities?
### Describe the solution you'…
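One way to answer the request above, as an added example that is not part of the issue or of any project's own pipeline: a GitHub Actions job that builds the image and then scans it with Trivy, failing the job on unfixed HIGH or CRITICAL findings. The image name `example/app`, the `Dockerfile` location and the `trivy-action` release tag are assumptions; pin the action to a tag or commit SHA you have checked rather than to a moving branch.

```yaml
# Added example, not from the issue: build an image and scan it with
# Trivy before it can be pushed. Image name and action version are
# assumptions for illustration.
name: image-scan
on:
  pull_request:
  push:
    branches: [main]

jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build image (hypothetical name, not pushed yet)
        run: docker build -t example/app:${{ github.sha }} .

      - name: Scan image for known vulnerabilities
        # Pin to a release tag or commit SHA you have verified; 0.28.0 is assumed here.
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: example/app:${{ github.sha }}
          format: table
          vuln-type: os,library
          severity: CRITICAL,HIGH
          # Only fail on findings that have a fix available, so the job
          # is actionable rather than permanently red.
          ignore-unfixed: true
          # Non-zero exit makes the scan a gate, not just a report.
          exit-code: '1'
```

Run the scan before any `docker push` step so a failing scan keeps the image out of the registry; a report-only variant (exit-code `0`, format `sarif` uploaded to code scanning) is useful for a first baseline before turning the gate on.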
-
Hi CDF Community,
**The CDF TOC Project Representatives 2024 Election process begins September 11, 2024 and ends on October 15, 2024.**
4 of the 9 CDF TOC seats are elected from CDF Project rep…
-
### Summary
All reports published by security companies prove that Software Supply Chain Attacks are on the rise. There is no doubt that they will continue to increase in the coming years. With this …
-
**Describe the problem/challenge you have**
Currently, the artefacts produced by the different Carvel projects (binaries, images, bundles) are not signed. It would be nice if they were all signed t…
-
### Expected Behavior
Whenever a tagged release is made in a given repo, that version number or tag should appear as the version in Dependency-Track.
If no tag is available, a commit hash could/should b…
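A way to implement the expected behaviour above, as an added example that is neither the issue author's code nor Dependency-Track's own tooling: resolve the project version from the exact git tag on HEAD when there is one, fall back to the short commit hash otherwise, and upload the BOM with that version via Dependency-Track's `POST /api/v1/bom` multipart endpoint (`autoCreate`, `projectName`, `projectVersion`, `bom` fields). The project name `my-project`, the BOM filename `bom.json` and the `DT_URL`/`DT_API_KEY`/`RUN_UPLOAD` environment variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue or from Dependency-Track): choose the
# version Dependency-Track should display and upload a CycloneDX BOM.
set -eu

# resolve_version TAG SHA
# Prints TAG when the build is a tagged release, otherwise the first 12
# characters of SHA so untagged builds stay distinguishable. Fails if
# neither is available, so a misconfigured pipeline cannot silently
# upload everything under one version.
resolve_version() {
  tag="$1"
  sha="$2"
  if [ -n "$tag" ]; then
    printf '%s\n' "$tag"
  elif [ -n "$sha" ]; then
    printf '%s\n' "$sha" | cut -c1-12
  else
    echo "resolve_version: neither tag nor commit hash given" >&2
    return 1
  fi
}

# git_tag_or_empty: the tag pointing exactly at HEAD, or empty if none.
git_tag_or_empty() {
  git describe --tags --exact-match 2>/dev/null || true
}

# upload_bom DT_URL API_KEY PROJECT VERSION BOM_FILE
# Uploads the BOM, creating the project/version pair if it is new.
upload_bom() {
  dt_url="$1"; api_key="$2"; project="$3"; version="$4"; bom="$5"
  curl --fail --silent --show-error \
    -X POST "${dt_url%/}/api/v1/bom" \
    -H "X-Api-Key: ${api_key}" \
    -F "autoCreate=true" \
    -F "projectName=${project}" \
    -F "projectVersion=${version}" \
    -F "bom=@${bom}"
}

# Usage from CI (guarded so the functions can be sourced without side effects):
#   RUN_UPLOAD=1 DT_URL=https://dtrack.example DT_API_KEY=... sh upload-bom.sh
if [ "${RUN_UPLOAD:-0}" = "1" ]; then
  version="$(resolve_version "$(git_tag_or_empty)" "$(git rev-parse HEAD)")"
  upload_bom "${DT_URL:?set DT_URL}" "${DT_API_KEY:?set DT_API_KEY}" \
    "my-project" "$version" "bom.json"
fi
```

Keep the API key in CI secrets rather than in the workflow file, and scope it to a Dependency-Track team that only has `BOM_UPLOAD` (plus `PROJECT_CREATION_UPLOAD` if you rely on `autoCreate`).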
-
## 📚 Context
### Problem:
Currently, there is a lack of visibility into the build process and contents of Docker images used in the project. This makes it challenging to assess the security ris…
-
It appears that GitLab can provide dependency lists for projects: https://docs.gitlab.com/ee/user/application_security/dependency_list/.
See:
- https://gitlab.com/gitlab-org/gitlab/-/blob/master/e…
-
**Objective**: Assess additional frameworks raised in the [7/26 SLSA Positioning SIG meeting](https://docs.google.com/document/d/1tpPOXVzNSwtpWA7cXhTPLAO6HIP50obUvoP85XqgVHM/edit#).
**Outcomes*…
-
[Sigstore](https://sigstore.dev/what_is_sigstore/) is an initiative by the Linux Foundation for software supply chain security. The goal is to be able to verify the origin of binaries as well as to en…