Software Bill of Materials and provenance artifacts #575
Labels
Cloud Native Security Slam 2023
https://github.com/orgs/ContainerSSH/discussions/574
feature
New feature or request
help wanted
Extra attention is needed
Comments
janosdebugs
added
feature
janosdebugs
changed the title
janosdebugs
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Abstract
A software bill of materials presents users of ContainerSSH with a comprehensive list of all parts that ContainerSSH is made of. Provenance artifacts describe the entire history of code in ContainerSSH itself.
Background
The Cloud Native Security Slam is an event helping big consumers of ContainerSSH, such as Epic Games and the US Space Force consume ContainerSSH in a more secure manner.
Implementing it in ContainerSSH
ContainerSSH already has a license checker which compiles the NOTICE file shipped with all releases. This would need to be changed into a tool that exports a machine-readable SBOM format.
Further reading
The text was updated successfully, but these errors were encountered: