Secure Software Supply Chain Aspects #132

Closed
afrittoli opened this issue May 2, 2023 · 1 comment
afrittoli commented May 2, 2023

Follow up for #70

We should include an SBOM field in artifact events.

The first consumer of this field will be guac.sh.

@afrittoli afrittoli added this to the v0.4 milestone Jun 5, 2023
@e-backmark-ericsson e-backmark-ericsson added the roadmap Items on the roadmap label Jun 5, 2023
afrittoli added a commit to afrittoli/cdevents-spec that referenced this issue Nov 25, 2023
Artifact packaged and/or published events may include a link to
a published SBOM. Since there is no default storage location for such
SBOM documents, CDEvents may help linking the artifact with its SBOM by
including a link to the SBOM in the artifact events.

Partially-addresses: cdevents#132

Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
afrittoli added a commit to afrittoli/cdevents-spec that referenced this issue Jan 12, 2024
Artifact packaged and/or published events may include a link to
a published SBOM. Since there is no default storage location for such
SBOM documents, CDEvents may help linking the artifact with its SBOM by
including a link to the SBOM in the artifact events.

Partially-addresses: cdevents#132

Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
afrittoli added a commit that referenced this issue Jan 15, 2024
* Add an SBOM URI field to artifact events

Artifact packaged and/or published events may include a link to
a published SBOM. Since there is no default storage location for such
SBOM documents, CDEvents may help linking the artifact with its SBOM by
including a link to the SBOM in the artifact events.

Partially-addresses: #132

Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
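
A consumer-side sketch of the link described in the commit message above, added here as an example and not part of the issue or the CDEvents code base: it pulls the SBOM URI out of an artifact event and rejects links the consumer should not fetch. The JSON paths (`context.type`, `subject.id`, `subject.content.sbom.uri`), the host allowlist and the sample event are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Event kinds the commit message names as carrying an SBOM link.
# Prefix match so the trailing event version does not matter.
ARTIFACT_TYPES = (
    "dev.cdevents.artifact.packaged.",
    "dev.cdevents.artifact.published.",
)


class SbomLinkError(ValueError):
    """An SBOM link is present but the consumer should not follow it."""


def sbom_link(event, allowed_hosts):
    """Return (artifact_id, sbom_uri), or None if the event has no SBOM link."""
    event_type = str(event.get("context", {}).get("type", ""))
    if not event_type.startswith(ARTIFACT_TYPES):
        return None
    subject = event.get("subject", {})
    sbom = subject.get("content", {}).get("sbom")  # assumed path
    if sbom is None:  # the link is optional ("may include")
        return None
    uri = sbom.get("uri") if isinstance(sbom, dict) else None
    if not isinstance(uri, str) or not uri:
        raise SbomLinkError("sbom object without a usable uri")
    parts = urlsplit(uri)
    if parts.scheme != "https":
        raise SbomLinkError(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise SbomLinkError("credentials embedded in SBOM uri")
    if parts.hostname not in allowed_hosts:
        raise SbomLinkError(f"host {parts.hostname!r} not in allowlist")
    return subject.get("id"), uri


# Constructed sample event; ids, version, and host are placeholders.
SAMPLE_EVENT = {
    "context": {"type": "dev.cdevents.artifact.published.0.0.0"},
    "subject": {
        "id": "pkg:generic/example-app@1.0.0",
        "content": {"sbom": {"uri": "https://sbom.example.com/example-app/1.0.0.json"}},
    },
}

if __name__ == "__main__":
    print(sbom_link(SAMPLE_EVENT, allowed_hosts={"sbom.example.com"}))
```
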
@e-backmark-ericsson

@afrittoli, what do you see should be added from secure supply chain aspects in CDEvents that is not yet there? Should we sync up with someone in OpenSSF to sort needs out?
