/kind user-story
Which area is this user story related to?
/area api /area library /area registry /area alizer /area landing-page
User Story
In continuation of the CNCF Defender, there are 3 checks that need further investigation:
Software Bill of Materials (SBOM)
Signed Releases
Token Permissions
We need to determine whether these 3 checks are relevant to our repositories, and if so, create issues to implement them. If they are not relevant we will need to create issues for marking them as exempt.
An initial spike issue has been linked to this epic to determine the path required.
Acceptance Criteria