Open bajpaigarima opened 2 years ago
This would likely combine well with a post/subsection on transparency logs: the ability to provide a historic, tamper-resistant view of not just the SBOM but attestations on testing, validation and the build process, as well as combining with the automation to prevent unsigned resources from being runnable.
@Saim-Safdar can help connect with Tracy Ragan and Steve Taylor on this.
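As an illustration of the idea raised above (added here as an example, not code from this thread or from any project it mentions): an append-only hash-chained log holding signed attestations for an artifact, plus an admission gate that refuses to run an artifact unless the log is intact and carries a valid attestation for each required step. The log structure, the artifact digests and the attestation payloads are constructed for the demo, and HMAC stands in for the asymmetric signing a real transparency log would use.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real deployment would sign with an asymmetric key
# (e.g. Ed25519 via Sigstore) and append to a public log such as Rekor;
# HMAC stands in here so the example runs with only the standard library.
SIGNING_KEY = b"demo-attestation-key"

# Constructed artifact digests for the demonstration.
GOOD_ARTIFACT = "sha256:" + hashlib.sha256(b"app-v1.2.3.tar.gz").hexdigest()
UNATTESTED_ARTIFACT = "sha256:" + hashlib.sha256(b"mystery-binary").hexdigest()
GENESIS = "0" * 64


def _canonical(obj) -> bytes:
    """Deterministic JSON encoding so hashes and signatures are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_attestation(attestation: dict, key: bytes = SIGNING_KEY) -> str:
    """Sign an attestation (subject digest + predicate type + payload)."""
    return hmac.new(key, _canonical(attestation), hashlib.sha256).hexdigest()


def _entry_hash(attestation: dict, signature: str, prev: str) -> str:
    return hashlib.sha256(_canonical([attestation, signature, prev])).hexdigest()


class TransparencyLog:
    """Append-only hash chain: every entry commits to the previous entry's
    hash, so editing or dropping a historic entry invalidates all later ones."""

    def __init__(self):
        self.entries = []

    def append(self, attestation: dict, signature: str) -> str:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "attestation": attestation,
            "signature": signature,
            "prev": prev,
            "entry_hash": _entry_hash(attestation, signature, prev),
        }
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify_chain(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev:
                return False
            if e["entry_hash"] != _entry_hash(e["attestation"], e["signature"], e["prev"]):
                return False
            prev = e["entry_hash"]
        return True


def is_runnable(log: TransparencyLog, artifact: str, required: set,
                key: bytes = SIGNING_KEY) -> bool:
    """Admission gate: the artifact may run only if the log is intact and holds a
    validly signed attestation for every required predicate (sbom, build, test...)."""
    if not log.verify_chain():
        return False
    satisfied = set()
    for e in log.entries:
        att = e["attestation"]
        if att["subject"] != artifact:
            continue
        # Skip entries whose signature does not verify (unsigned or forged).
        if not hmac.compare_digest(sign_attestation(att, key), e["signature"]):
            continue
        satisfied.add(att["predicate"])
    return required <= satisfied


def build_demo_log() -> TransparencyLog:
    """Constructed history: SBOM, build and test attestations for GOOD_ARTIFACT,
    plus one entry with a bogus signature to show the gate ignores it."""
    log = TransparencyLog()
    for predicate, payload in [
        ("sbom", {"format": "spdx", "packages": 42}),
        ("build", {"builder": "ci-runner-7", "commit": "constructed-commit-id"}),
        ("test", {"suite": "unit", "passed": True}),
    ]:
        att = {"subject": GOOD_ARTIFACT, "predicate": predicate, "payload": payload}
        log.append(att, sign_attestation(att))
    forged = {"subject": UNATTESTED_ARTIFACT, "predicate": "sbom", "payload": {}}
    log.append(forged, "00" * 32)  # not signed with the trusted key
    return log


def tamper_detected() -> bool:
    """Rewrite an early entry after the fact; the chain must no longer verify."""
    log = build_demo_log()
    log.entries[0]["attestation"]["payload"]["packages"] = 1  # silently shrink the SBOM
    return not log.verify_chain()


if __name__ == "__main__":
    demo = build_demo_log()
    print("chain intact:", demo.verify_chain())
    print("good artifact runnable:", is_runnable(demo, GOOD_ARTIFACT, {"sbom", "build", "test"}))
    print("unattested artifact runnable:", is_runnable(demo, UNATTESTED_ARTIFACT, {"sbom"}))
    print("tampering detected:", tamper_detected())
```

The gate checks three things a CI/CD consumer cares about: the history has not been rewritten (chain verifies), each attestation it relies on was signed by the trusted key (unsigned entries are ignored, not trusted), and every required stage (SBOM, build, test) is present for that exact artifact digest.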
A CI/CD BOM is useful both to the builder (manufacturer) and the buyer (customer) of a software product.
Cyber Supply Chain Management and Transparency Act of 2014[10] was US legislation that proposed to require government agencies to obtain SBOMs for any new products they purchase, so it can help CI/CD consumers and producers