Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.
The Trusted Repository Security Initiative Task Force was created from roundtables at the Secure OSS Policy Summit in Washington D.C. in Sept. 2023 and would like to work as a SIG within the Supply Chain Integrity WG.
The proposal of the focus, intent, goals, and/or deliverables of the SIG is captured here.
Initial membership consists of @msilverman-fsisac, @AevaOnline and others, which meets the sandbox SIG requirements. Other interested parties include @jkjell and @hepwori.
The group is looking for the SCI WG to agree to be the governing body for the Trusted Repo Security SIG. If a vote is required, would the June 5, 2024 WG meeting provide enough time to review?