[Enhancement]: Add a framework of SLSA with a focus on mitigating supply-chain risk #2883
Open
1 task done
Assignees
Labels
enhancement
New feature or request
Comments
leonrayang
changed the title
|
The compilation environment of SLSA on GitHub is relatively independent, while some binaries of CubeFS require more additional C-like libraries, so they need to be compiled in the customized Docker image of CubeFS. The method of running a custom Docker image in the GitHub SLSA action environment is currently under research. |
10 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Contact Details
No response
Is there an existing issue for this?
What would you like to be added?
SLSA is aframework for assessing the security practices of a given software project with a focus on mitigating supply-chain risk. SLSA emphasises tamper resistance of artifacts as well asephemerality of the build and release cycle.
SLSA mitigates a series of attack vectors in the soft ware development life cycle (SDLC), all ofwhich have seen real-world examples of successful attacks against open-source and proprietary software.
Why is this needed?
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: