Supply Chain Security & 3rd-Party Code Packages #242

Open
jameszwiers opened this issue Feb 9, 2022 · 0 comments

@jameszwiers

We should be defining best practice around how we review and validate the origin of 3rd-party code that we make use of.

We need to consider areas ranging from:

  • Which types of repos we might consider sourcing from
  • File signature verification
  • Code reviews

Likely other matters that need to be considered as well, and we should definitely ask Cyber for input as well.

@jameszwiers jameszwiers self-assigned this Feb 9, 2022