-
Originates from https://github.com/yuzutech/kroki/pull/1530#discussion_r1196583936
> In general I also tried looking into dependency checksum verification for the pom.xml, but this appears to be a r…
-
#### Current Behavior
See this [security score report](https://artifacthub.io/packages/helm/meshery/meshery?modal=security-report) for details of known vulnerabilities in Meshery's published packages…
-
### Feature description
Generate a software-bill-of-materials (SBOM) supply-chain security artifact in CI.
### Value and/or benefit
Improve supply-chain security by generating an SBOM artifact in CI…
-
The Wave service has reported [clients are looking for SBOMs](https://github.com/seqeralabs/wave/issues/489#issuecomment-2097779215) to be provided alongside the generated images.
Since we now use…
-
Supply chain security often requires binaries to be verified prior to use.
The current recommended way is to use the sha256 sums from the [releases page](https://github.com/GoogleCloudPlatform/clo…
-
## Feature Request
### Description
This allows you to publicly establish where a package was built and who published a package, which can increase supply-chain security for your packages.
This …
-
I'm a cybersecurity researcher and developer of PackjGuard [1] to address open-source software supply chain attacks.
# Issue
During my research, I detected a _deleted package_ in this repository.
…
-
Not all environments are guaranteed to have String.prototype.padStart implemented with standards-compliant semantics. The NPM project https://www.npmjs.com/package/left-pad has been robustly battle-te…
-
## What is missing or needs to be updated?
The cheat sheet for "Software Supply Chain Security" has an incorrect filename:
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Softw…
-
Hello,
We are considering using the project inside our company. However, our Security Team asked us to do a review of the project's security, using scorecards like https://scorecard.dev/viewer/?uri=g…