New CS proposal: Software Supply Chain Security #1356

Open
EbonyAdder opened this issue Mar 9, 2024 · 3 comments
Labels
ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. NEW_CS Issue about the creation of a new cheat sheet.

Comments

@EbonyAdder (Contributor)

What is the proposed Cheat Sheet about?

The CS will provide an overview of SSCS, its relevance to developers, and practical guidance on improving the security of SSCs.

What security issues are commonly encountered related to this area?

  • Known vulnerable components used to build software
  • Using compromised or insecure third-party services or tools to develop, build, deliver, or otherwise manage software (which may not necessarily be "built" into the software as in the above)
  • Compromise of build script or processes
  • Compromise of code repositories or packages
  • Compromise of deployment processes or runtime environment (such as pulling a malicious update)

What is the objective of the Cheat Sheet?

The main objectives of the cheatsheet are: (1) provide an understanding of the various components which comprise the SSC, (2) identify common threats to the SSC, and (3) provide practical guidance on how developers can mitigate SSC risk.

What other resources exist in this area?
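The threat list above names "compromise of code repositories or packages" and "pulling a malicious update" as common issues. As an added example that is not part of the issue or of the proposed OWASP cheat sheet, the following shows the hash-pinning check that lockfiles perform (pip requirements with `--hash=sha256:...` and the `integrity` fields in npm's package-lock.json play this role in real tooling): every artifact a trusted build used is pinned by digest, and a later build is compared against those pins so that a package whose contents changed under an unchanged version string, a dependency that was never pinned, or a pinned artifact that went missing is reported rather than silently used. The lockfile format, artifact names and artifact bytes are constructed for this example.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact's raw bytes."""
    return hashlib.sha256(data).hexdigest()


def make_lockfile(trusted_artifacts: dict) -> dict:
    """Pin every artifact of a trusted build: artifact name -> sha256 hex digest.

    This runs once, against artifacts that were reviewed, and the result is
    committed alongside the code. (Constructed lockfile format for the example.)
    """
    return {name: sha256_hex(data) for name, data in trusted_artifacts.items()}


def verify_artifacts(lockfile: dict, fetched: dict) -> dict:
    """Compare what a build actually fetched against the pins.

    Returns artifact name -> one of:
      'ok'       digest matches the pin
      'mismatch' same name, different bytes (e.g. a replaced package or a
                 malicious "update" published under the same version)
      'missing'  pinned artifact was not fetched at all
      'unpinned' fetched artifact that no pin exists for (a dependency the
                 build pulled in that was never reviewed)
    """
    report = {}
    for name, expected in lockfile.items():
        if name not in fetched:
            report[name] = "missing"
        elif hmac.compare_digest(sha256_hex(fetched[name]), expected):
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    # Anything fetched that is not in the lockfile is a new, unreviewed input.
    for name in fetched.keys() - lockfile.keys():
        report[name] = "unpinned"
    return report


def build_inputs_are_trusted(report: dict) -> bool:
    """A build should only proceed when every fetched input is pinned and intact."""
    return all(status == "ok" for status in report.values())


# Constructed sample artifacts standing in for packages a build downloads.
TRUSTED = {
    "libfoo-1.2.0.tar.gz": b"libfoo source tarball (reviewed contents)",
    "buildtool-3.1-py3-none-any.whl": b"build tool wheel (reviewed contents)",
}
LOCKFILE = make_lockfile(TRUSTED)


def demo() -> dict:
    """Simulate a later build whose fetched inputs drifted from the pinned set."""
    fetched = dict(TRUSTED)
    # Same file name and version, but the registry now serves altered bytes.
    fetched["libfoo-1.2.0.tar.gz"] = TRUSTED["libfoo-1.2.0.tar.gz"] + b"\n# injected payload"
    # A transitive dependency the build pulled in that nobody pinned.
    fetched["helper-0.0.1-py3-none-any.whl"] = b"unreviewed helper wheel"
    # A pinned artifact that the build did not fetch at all.
    del fetched["buildtool-3.1-py3-none-any.whl"]
    return verify_artifacts(LOCKFILE, fetched)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

The comparison uses `hmac.compare_digest` so the check is constant-time, and the report distinguishes the three failure modes because they call for different responses: a `mismatch` means the upstream artifact changed and must be investigated before the pin is ever updated, while `unpinned` means the dependency set grew without review.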

@EbonyAdder EbonyAdder added ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. HELP_WANTED Issue for which help is wanted to do the job. NEW_CS Issue about the creation of a new cheat sheet. labels Mar 9, 2024
@mackowski (Collaborator)

Looks awesome, do you want to work on the PR, @EbonyAdder?

@mackowski mackowski added ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. and removed ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. labels Mar 11, 2024
@EbonyAdder (Contributor, Author)

Thanks @mackowski and sorry for the late response; yes, I would like to work on the PR.

@jmanico (Member)

jmanico commented Mar 16, 2024 via email

@szh szh removed the HELP_WANTED Issue for which help is wanted to do the job. label Mar 17, 2024
No branches or pull requests

4 participants