-
Like Policy & Verification in https://github.com/slsa-framework/slsa/issues/46, and related to, how/where to publish provenance and how users discover published provenance feels like an open gap in th…
-
### Description
I observed that one of the project workflows I maintain is not able anymore to build 32-bit packages on 64-bit GNU/Linux hosts and the only thing that has changed is the GitHub runn…
-
In the BOM metadata, add support for lifecycle which describes each lifecycle phase involved in the creation of the BOM. This should be an enum of allowable choices.
```json
"lifecycle": [
"pro…
-
Dear Darrin,
I contacted Oleg about doing synteny analyses similar to the 2022 metazoan paper and he told me about odp. It looks like a fantastic tool and I'm excited to be trying it.
I'm trying t…
-
@alinazeng I am starting an issue for this here as we finalize these in the manuscript file. Some to do items (I know you are likely working on these already) ...
- [x] Give the exact search terms
…
-
Do we need both `uri` and `downloadLocation` fields when artifacts are always matched on `digest`?
This question came out of a discussion happening over at https://github.com/in-toto/attestation/p…
-
# `dev`
## Affected projects in catalog `dcp2`
- `df88f39f-01a8-4b5b-92f4-3177d6c0f242`
- `d2111fac-3fc4-4f42-9b6d-32cd6a828267`
- `d3ac7c1b-5302-4804-b611-dad9f89c049d`
- `51f02950-ee25-4f4b…
-
Most SBOM generators base the inclusion of a component in an SBOM on a package manager file or the existence of some other file.
I would like to be able to trace back what source was used as evidence …
-
# Open Grant Proposal: Museum of Crypto Art Archive by Filecoin
**Name of Project:** Museum of Crypto Art (M○C△)
**Proposal Category:** `app-dev`
**Proposer:** shivani3000
**(Optional) Tech…
-
I've run an initial scorecard report against the repo and am sharing the results here:
```json
{
"date": "2022-11-16",
"repo": {
"name": "github.com/openclarity/functionclarity",
"com…