
Secure the package supply chain

Open kuszewski opened this issue 3 years ago • 0 comments

ZPM, like package managers across the board, needs to encourage best practices for securing the software supply chain. The https://in-toto.io/ project creates a framework for part of the puzzle and is a CNCF project, so it's standards-based. Would you consider investigating it to see if we can integrate it with ZPM?

kuszewski, Apr 05 '22 16:04