devfile / api

Kube-native API for cloud development workspaces specification
Apache License 2.0

Further CNCF Defender Actions #1465

Open Jdubrick opened 7 months ago

Jdubrick commented 7 months ago

/kind user-story

Which area is this user story related to?

/area api /area library /area registry /area alizer /area landing-page

User Story

In continuation of the CNCF Defender, there are 3 checks that need further investigation:

  1. Software Bill of Materials (SBOM)
  2. Signed Releases
  3. Token Permissions

We need to determine whether these 3 checks are relevant to our repositories, and if so, create issues to implement them. If they are not relevant, we will need to create issues for marking them as exempt.

An initial spike issue has been linked to this epic to determine the path required.

Acceptance Criteria

github-actions[bot] commented 3 weeks ago

This issue is stale because it has been open for 90 days with no activity. Remove stale label or comment or this will be closed in 60 days.