-
Based on the best practices site, is there a section where we can add a reference implementation of the architecture of what the best practices would look like in software supply chain security? We h…
-
As mentioned at today's meeting (and prior meetings), SLSA is currently focused only on "integrity"; supply chain security includes more than that, notably "vulnerability management" and "developer tru…
-
cc @open-telemetry/sig-security-maintainers
As a part of documenting and ensuring supply chain security, we would like to document and review the permissions/scopes for existing integrations.
-
https://www.youtube.com/watch?v=7LFftXcw1jA&list=PLjxrf2q8roU3LvrdR8Hv_phLrTj0xmjnD&index=3
-
Before I begin, here's some supplementary reading material. I'll try to make this feature request make sense without reading any of this material, but in case I fail, this should fill in any of the gap…
-
### What is the problem this feature will solve?
Recent malicious supply chain attacks have seen binary files slipped into a package (as test files in that case) that served as an attack vector. Coul…
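The kind of check the post above is getting at, as an added example that is not code from the original issue or from any project it mentions: walk every member of a source distribution (assumed here to be a `.tar.gz` sdist) and flag anything that is a binary blob or carries a native-code extension, wherever it sits in the tree, test fixtures included. The archive it scans is constructed inline so the check runs offline.

```python
import io
import tarfile
from typing import List

# Extensions a pure-source distribution has no business shipping (constructed list).
SUSPECT_EXTENSIONS = (".so", ".dll", ".dylib", ".exe", ".o", ".a", ".pyc")


def looks_binary(data: bytes, sample: int = 8192) -> bool:
    """Heuristic: a NUL byte in the first block means the member is not text."""
    return b"\x00" in data[:sample]


def find_binary_members(archive: bytes) -> List[str]:
    """Return member names in a tar.gz sdist that are binary or have a
    native-code extension. Directories are skipped; everything else is
    inspected regardless of path, so a blob under tests/ is not exempt."""
    hits: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            if member.name.lower().endswith(SUSPECT_EXTENSIONS):
                hits.append(member.name)
                continue
            fh = tf.extractfile(member)
            if fh is not None and looks_binary(fh.read()):
                hits.append(member.name)
    return hits


def build_sample_sdist() -> bytes:
    """Constructed sample archive (not a real package): one text source file,
    one 'test fixture' that is really a binary blob, one shared object."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in (
            ("pkg-1.0/pkg/__init__.py", b"print('hello')\n"),
            ("pkg-1.0/tests/data/fixture.bin", b"\x7fELF" + b"\x00" * 64),
            ("pkg-1.0/pkg/_native.so", b"\x7fELF\x02\x01\x01" + b"\x00" * 32),
        ):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_binary_members(build_sample_sdist()):
        print(f"binary member in sdist: {name}")
```

The NUL-byte heuristic is deliberately simple; a real gate would also compare the sdist's file list against the VCS tree it claims to come from, so a member that exists only in the published archive is flagged even when it is plain text.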
-
**Is your enhancement proposal related to a problem? Please describe.**
Open-source supply-chain attacks are [increasing every year][sonatype]. Beyond the infamous [SolarWinds][solarwinds] and [Codec…
-
# Summary
Hi, I'm Harshita. I’m working with [CNCF and the Google Open Source Security Team for the GSoC 2024 term](https://github.com/cncf/mentoring/issues/1196). We are collaborating to enhance sec…
-
**Impact of the bug**
Malicious code execution
**Describe the bug**
There is an unmet dependency in `setup.py` and `requirements.txt`, the `pprint` library:
https://github.com/phareous/insteonloca…
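A check for the class of problem the report above describes, as an added example that is not code from the issue or from the project it points at: `pprint` is a module of the Python standard library, and pip has no knowledge of the standard library, so a `pprint` line in `requirements.txt` makes pip fetch whatever PyPI project holds that name. The script below parses a requirements file and flags every requirement whose name collides with a stdlib module. The requirements text it scans is constructed inline; the stdlib name set comes from `sys.stdlib_module_names` where the interpreter provides it, padded with a small constructed subset so it also runs on older interpreters.

```python
import re
import sys
from typing import List, Optional

# Standard-library module names. Python 3.10+ exposes the full set; the
# literal names below are a constructed subset so the check still works
# (for those names) on older interpreters.
STDLIB_NAMES = frozenset(getattr(sys, "stdlib_module_names", ())) | {
    "pprint", "json", "logging", "argparse", "hashlib", "subprocess",
}

# Project name is the leading token: letters, digits, '.', '_' and '-'.
_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def requirement_name(line: str) -> Optional[str]:
    """Return the normalized project name from one requirements.txt line,
    or None for blank lines, comments and pip options such as -r / -e."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = _REQ_NAME.match(line)
    if not m:
        return None
    # PEP 503 style normalization, then '-' -> '_' to match module spelling.
    return m.group(1).lower().replace("-", "_")


def find_stdlib_shadows(requirements_text: str) -> List[str]:
    """Return requirement names that shadow a standard-library module.

    Such an entry is never needed by the code (the module is already
    present) and resolves, if at all, to an unrelated PyPI project that
    will be installed and imported in its place.
    """
    hits: List[str] = []
    for line in requirements_text.splitlines():
        name = requirement_name(line)
        if name and name in STDLIB_NAMES:
            hits.append(name)
    return hits


# Constructed sample input; not the affected project's real requirements file.
SAMPLE_REQUIREMENTS = """\
requests>=2.31
pprint            # stdlib module listed as a third-party dependency
-e git+https://example.invalid/repo.git#egg=thing
urllib3[socks]==2.2.1 ; python_version >= "3.8"
"""

if __name__ == "__main__":
    for name in find_stdlib_shadows(SAMPLE_REQUIREMENTS):
        print(f"requirement '{name}' shadows a standard-library module")
```

Run it against `setup.py`'s `install_requires` as well: the same name listed there is pulled in by `pip install .` even when `requirements.txt` is never used.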
-
### Application contact emails
feynmanzhou@microsoft.com, yizha1@microsoft.com, luisdlp@microsoft.com, sajaya@microsoft.com
### Project Summary
A verification engine on Kubernetes which enabl…