-
[Issue28](https://github.com/oasis-tcs/osim/issues/28) proposes we have a place to start defining terms.
[Issue29](https://github.com/oasis-tcs/osim/issues/29) proposes to define the term "software …
-
## Date
Thursday 20 Jun 2023 - 09:00 EST / 14:00 UK
## Untracked attendees
| Name | Firm | Comment |
| :--- | :--- | :------ |
## Meeting notices
- FINOS **Project leads** are responsibl…
-
The official docker build-push-action now also supports SBOM (with syft) and generating provenance (with SLSA).
https://github.com/docker/build-push-action#inputs
Provide alternative for `docker…
-
**Affected component(s) or functionality (if applicable)**
Documentation
**Brief summary**
Documentation currently doesn't reflect the state of the project. Many aspects are outdated, importa…
-
Hey!
Very cool project, and we were curious about your SLSA leveling and roadmapping.
I believe this achieves SLSA 2 when creating attestations for a command that produces a build artifact, sinc…
-
I covered a call yesterday afternoon, in which ONCD has been working with CISA on a “product security baseline” document, describing flaws that pose unacceptable risk in software development. CISA dev…
-
I need spoof issue specs to be used to test two LLM models
-
This working group has produced a ton of useful information about how best to build a secure package repository, along with data on what repositories are currently doing. Can we crystallize this into …
-
This issue serves to document the SLSA criteria for Adoptium to meet. SLSA [1] is a secure software supply chain framework that defines four compliance levels [2] of increasing assurance.
Level 1
…
-
### NuGet Product(s) Affected
dotnet.exe
### Current Behavior
`dotnet list package --deprecated` only finds deprecated packages.
### Desired Behavior
`dotnet list package --deprecated` should fin…