Our engineering standards are the things that we expect engineers to do. Look at the 'writing a standard' standard and provide some brief information below
What is the standard you are suggesting?
A standard that outlines best practice for the introduction, management and scanning of software dependencies
What would be the benefit to the Home Office of adopting this standard?
This will set the standard for how dependencies are securely managed and made discoverable. This will help to mitigate risks of vulnerabilities being introduced via supply chain attacks.
How might people follow it?
Dependency vulnerability scanning
Deliberate introduction of dependencies
Enabling observability of dependencies across the HO estate
Additional information
Please confirm the below
[x] I have looked at the writing-a-standard standard and think this would meet the standard
[x] I have looked through our existing standards and think this is not covered elsewhere
[x] I have checked through the open issues on the repository and this standard has not already been suggested