cdevents / spec

A common specification for Continuous Delivery events
Apache License 2.0

Secure Software Supply Chain Aspects #132

Open afrittoli opened 1 year ago

afrittoli commented 1 year ago

Follow up for #70

We should add an SBOM field to artifact events.

The first consumer of this field will be guac.sh.

e-backmark-ericsson commented 3 months ago

@afrittoli, what do you see should be added from secure supply chain aspects in CDEvents that is not yet there? Should we sync up with someone in OpenSSF to sort needs out?