Make this repo SWSC best practices compliant #432

marcelamelara · 2023-04-12T20:01:43Z

A number of SW supply chain (SWSC) best practices frameworks have come out of CISA, NIST, and the OpenSSF. This issue tracks the implementation plan for meeting these practices.

Implementing these practices often requires multiple steps and/or tools. This issue tracks implementation progress in this issue:

Create SW supply chain best practices implementation doc
Implement NTIA minimum SBOM requirements
Implement OpenSSF Scorecard requirements
Implement OpenSSF SLSA Build L3 requirements

prakashngit · 2024-03-01T16:46:42Z

Would be good to have a plan for how we intend to proceed.

marcelamelara · 2024-03-01T16:49:59Z

Thanks on the ping, I have on OKR to complete a draft of a plan in Q1.

marcelamelara changed the title ~~Enable dependabot dependency scanner~~ Make this repo SWSC best practices compliant Dec 12, 2023

marcelamelara self-assigned this Dec 12, 2023

marcelamelara mentioned this issue Mar 15, 2024

Add GHA dependabot alerts #454

Closed

cmickeyb added the build label Apr 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make this repo SWSC best practices compliant #432

Make this repo SWSC best practices compliant #432

marcelamelara commented Apr 12, 2023 •

edited

Loading

prakashngit commented Mar 1, 2024

marcelamelara commented Mar 1, 2024

Make this repo SWSC best practices compliant #432

Make this repo SWSC best practices compliant #432

Comments

marcelamelara commented Apr 12, 2023 • edited Loading

prakashngit commented Mar 1, 2024

marcelamelara commented Mar 1, 2024

marcelamelara commented Apr 12, 2023 •

edited

Loading