Software Component Verification Standard (SCVS)
https://owasp.org/scvs
Creative Commons Attribution Share Alike 4.0 International
issues
Link references updates (CMMC and EEI)
#41
hanstdam
closed
7 months ago
0
Promote staging to production
#40
stevespringett
closed
1 year ago
0
Fix #37 Hyperlinks fixed in Appendix - B
#39
crocks4123
opened
1 year ago
0
Translate standard documentation into Vietnamese language
#38
ducthinh993
opened
1 year ago
1
PDF links
#37
ghost
opened
2 years ago
1
Create BOM Maturity Model in JSON
#36
stevespringett
opened
2 years ago
0
Develop BOM Maturity Model - maturity levels and assignments
#35
stevespringett
opened
2 years ago
0
Create BOM Maturity Model Taxonomy
#34
stevespringett
opened
2 years ago
0
Translate to Japanese
#33
kannkyo
opened
2 years ago
2
lvl 2 and lvl 3 is impossible due to requiring both reproducibility and non-reproducibility of SBOMs
#31
06kellyjac
opened
3 years ago
11
Fix #29 - Update threat doc ref to OpenSSF repo.
#30
scovetta
closed
4 years ago
0
Wrong link to OSSC publication
#29
scovetta
closed
4 years ago
0
Control Mapping
#28
stevespringett
opened
4 years ago
0
Feature/bom3
#27
garretfick
closed
4 years ago
0
Clarify difference between package manager and repository
#26
garretfick
closed
4 years ago
0
Use more direct language
#25
garretfick
closed
4 years ago
0
Update to inventory controls
#24
garretfick
closed
4 years ago
0
Inventory: Ambiguity in 3rd party vs open source components
#23
garretfick
closed
4 years ago
2
Inventory preamble edits
#22
garretfick
closed
4 years ago
0
David A. Wheeler's comments
#21
david-a-wheeler
opened
4 years ago
1
Using SCVS: Clarify wording regarding levels of SCVS controls
#20
garretfick
closed
4 years ago
0
Possible word change
#19
garretfick
closed
4 years ago
0
Correct grammar - baselined isn't in any dictionary
#18
garretfick
closed
4 years ago
0
Suggestions for suppliers
#17
garretfick
closed
4 years ago
0
Consistent title case
#16
garretfick
closed
4 years ago
0
Clarify how levels build on each other
#15
garretfick
closed
4 years ago
0
Clarify "Devise a path to baseline and mature software supply chain vigilance"
#14
garretfick
closed
4 years ago
0
Remove weasel words
#13
garretfick
closed
4 years ago
0
Change 'impact' to 'manage'
#12
garretfick
closed
4 years ago
0
Change "impact costs" to "manage costs"
#11
garretfick
closed
4 years ago
0
Investigate additional resources
#10
stevespringett
closed
4 years ago
0
Request for a bit more explanation
#9
commjoen
opened
4 years ago
2
Add component-specific repo requirement
#8
stevespringett
closed
4 years ago
0
SCVS-BOM-17 Descriptor
#7
msymons
closed
4 years ago
0
2.4-SCVS-BOM-04 - Should this be applicable to Level 2 as the tools aren't readily available.
#6
pruddll
closed
4 years ago
2
Correct name spelling
#5
garretfick
closed
5 years ago
0
Add chain-of-custody for source code
#4
stevespringett
closed
4 years ago
0
Preface: Bulleted list
#3
stevespringett
closed
4 years ago
0
SCVS-INV-03 may want to specify machine readable (or add additional requirement)
#2
garretfick
closed
4 years ago
3
SCVS-CAN-14 uses "component type" but the standard does not define the term
#1
garretfick
closed
4 years ago
3