Open max-au opened 4 years ago
Let's collect some thoughts here, we can discuss in the next meeting how we want to turn this into actionable tasks/projects/documents. I would suggest we try to answer the following questions:
What kind of supply chain security issues are we trying to protect against?
Some possibilities:
- Following the Biden Admin EO, we can expect a lot of talks about SBOM.
- Worth pointing out for people to have a look at are GitBOM and the analysis of the supply chain landscape by the OSFF.
- Ensure supply chain security for code/package repositories (e.g. hex.pm).