Addressing some open issues - FAQ, clarifications

ossf / s2c2f

The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developer’s workflow.

Other

179 stars 24 forks source link

Addressing some open issues - FAQ, clarifications #25

Closed jasminewang0 closed 1 year ago

jasminewang0 commented 1 year ago

Issues addressed:

Created a FAQ and folded in #12
Updated the appendix with SLSA 1.0 for #14
Updated the threats table and added a new threat to resolve #16
Addressed some of Melba Lopez's feedback in #22; please see this issue for a list of what has been addressed and what will need further discussion.