buildsec / frsca

https://buildsec.github.io/frsca
Apache License 2.0

Contributing GitHub Security tooling #142

Open josepalafox opened 2 years ago

josepalafox commented 2 years ago

Problem/Question

Hi, I was wondering if I could join a meeting on this project or contact the maintainers to explore adding some content to the project. GitHub's security tools are free to use for OSS projects and we've integrated with a zillion linters, container scanners, IaC scanners, and other SAST technologies. I have an architecture for securing various code workflows and was working with a designer to build something like this for GH services, but someone pointed me to this project and I thought maybe it could live here instead. I have a bunch of content already created to talk through if someone is interested.

mlieberman85 commented 2 years ago

Hi Jose, we would love to collaborate. To give you a bit of a heads-up, this project is in the process of being contributed to the OpenSSF's Supply Chain Integrity Working Group. We don't have any official meetings yet on the project but should be having stuff fall under the OpenSSF in the coming weeks.

To give some more background, this project is an implementation of the CNCF's Secure Software Factory reference architecture.

Until everything is sorted out, would still love to have a chat informally, give you a better idea of how this works, and see how we can collaborate further.

mlieberman85 commented 2 years ago

@josepalafox I know it's been a little bit of time, but did want to inform you we now have official OpenSSF community meetings starting for ssf next week. It's on the OpenSSF community calendar: https://openssf.org/getinvolved/

It's going to be every other Wednesday at 10 AM Eastern starting next week.