
Related projects and controls

Open stevespringett opened this issue 6 years ago • 3 comments

Containers are part of a software supply chain. Because of that, I see some overlap in some of the areas of concern outlined in Component Analysis.

There's also an incubating project called the OWASP Software Component Verification Standard which attempts to address software supply chain risk. A few of the items in that list may apply to CSVS, especially the inventory, SBOM, and related controls.

stevespringett avatar Oct 07 '19 19:10 stevespringett

@stevespringett thanks for your input. Any suggestions on how to deal with these overlaps?

disenchant avatar Oct 08 '19 09:10 disenchant

Perhaps including image package inventory and maybe a few other high-level items. Other than that, just refer users to SCVS (once it's complete - not now).

stevespringett avatar Oct 09 '19 00:10 stevespringett

Sure 👍 Please just let me know as soon as the SCVS is ready to be referenced.

disenchant avatar Oct 10 '19 10:10 disenchant