-
[Sigstore](https://sigstore.dev/what_is_sigstore/) is an initiative by the Linux Foundation for software supply chain security. The goal is to be able to verify the origin of binaries as well as to en…
-
Now that we have a prototype (related: https://github.com/adoptium/temurin-build/issues/2594), we would like to investigate creating an extension via a popular/standard way of defining the same inform…
-
# **Background:**
- As per published [v1.0](https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/tree/main/1_0_vulns) of the OWASP Top 10 for Large Language Model Applica…
-
As part of improving supply chain security, [SLSA](https://slsa.dev) provides a framework to guarantee the integrity of software artefacts, with different levels of compliance.
One of the main conc…
-
GitHub has a feature that can track dependencies by reading a supported manifest file in the project.
See: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-softwar…
-
As the software supply chain is so important and critical, we need to enable SLSA in our Kubebb (especially kubebb/core).
https://slsa.dev/
-
see: https://github.com/slsa-framework/slsa-github-generator/blob/3d27f18a67e12a251517ca9af35771a93da39526/internal/builders/generic/README.md
see: https://security.googleblog.com/2022/04/improving-so…
-
### Problem Statement
I have checked the project releases page to see if the release includes a provenance attestation in its release assets. It usually ends with `.intoto.json`.
I have found that…
-
### Application contact emails
feynmanzhou@microsoft.com, yizha1@microsoft.com, luisdlp@microsoft.com, sajaya@microsoft.com
### Project Summary
A verification engine on Kubernetes which enabl…
-
As per discussion https://github.com/open-quantum-safe/boringssl/pull/115#issuecomment-2089779310
- [x] Create CI image(s) with Ubuntu 22 & 24
- [ ] Deploy in CI testing
(- [ ] Create reminder…