cncf / public-sector-user-group

🏛️ 🗣️ ☁️ CNCF User Group focused on advancing cloud computing in the public sector
https://www.cncf.io/enduser/
Apache License 2.0

[Proposal] Whitepaper on Public Sector Software Supply Chain #12

Open idunbarh opened 6 months ago

idunbarh commented 6 months ago

Public Sector CNCF Members are seeing Government Customer focus on securing software supply chains and receiving attestations. These attestations need to be signed and have provenance that bridges multiple company and network boundaries.

These boundaries and the sensitive nature of the products make public repositories and public signing services unusable.

The proposal is to create a whitepaper that outlines strategies to cover several different topics.

@Charley-Mann @brandtkeller @eddiezane

Starefossen commented 5 months ago

@jksolbakken (AppSec) and I (Platforms) from the Norwegian Labor and Welfare Administration (@navikt) would like to participate in this whitepaper!

Charley-Mann commented 5 months ago

Hi @idunbarh @Starefossen, I'd like to kick off this project soon so we can attract more great folks to participate. Would you be free for a quick call next week to determine the initial structure of the paper and get things rolling? How would Wednesday 16:00 CEST suit?

Starefossen commented 5 months ago

@Charley-Mann That time works very well for me!

Charley-Mann commented 5 months ago

@Starefossen excellent! Would you please send me an email, so I can set up a call?

idunbarh commented 5 months ago

@Charley-Mann @Starefossen We're also good from our side, and I know several of the public sector user group member organizations are interested in participating.

We have a public sector user group meeting this Thursday (June 13th) but it might be a little late in the evening (10am PST, 1pm EST).

I got an action item to start a draft outline before that meeting. Does it work for both of you to participate and chart a path forward there?

Charley-Mann commented 5 months ago

@idunbarh @Starefossen - 10am PST this Thursday works for me. Could you please link me to the meeting invite so I can join?

Starefossen commented 5 months ago

I believe you need to register on the CNCF platform and then you can see the meeting info here: https://zoom-lfx.platform.linuxfoundation.org/meeting/92496539385?password=c2394fad-98a0-486d-9746-deff3b7de463