ossf / wg-endusers

OpenSSF Endusers Working Group
https://openssf.org/
Apache License 2.0

Testing OpenSSF products - Productionising and High-stake testers provide feedback - suggestion from Nour Daoud Bösing (Spotify) #18

Open APM05 opened 1 year ago

APM05 commented 1 year ago

High-stake testers would like to provide feedback, productionising those products, would like to submit some PRs, or highlight the issues we are facing. This gives a great end-user perspective of using the OSSF tooling or other tools and services.

nourboesing commented 1 year ago

As the threat modeling conversation evolves, we can already start talking about the supply chain security tools that can solve for various supply chain security issues. The feedback on using these tools will also fit into the security toolbelt conversations at OpenSSF.

I suggest starting with the sigstore stack as one of the more mature and well-maintained products end users might be interested in experimenting with.