Melba

Results 17 issues of Melba

**Objective**: Assess additional frameworks raised in the [7/26 SLSA Positioning SIG meeting](https://docs.google.com/document/d/1tpPOXVzNSwtpWA7cXhTPLAO6HIP50obUvoP85XqgVHM/edit# ). **Outcomes**: - Identify common criteria for assessing various frameworks - Assessing the following frameworks/standards in relation to...

**Background:** [ _“Government and industry widely accept SLSA as the lingua franca of supply chain security”_](https://docs.google.com/document/d/1L1gEJMBIvE0IbpFi23FOUByDYlItSYPPJmKdhvJQYsg/edit#heading=h.1hce59kd4nn0) **Objective**: Expand on original defined Charter and define scope for the Positioning SIG per...

Meeting compliance with different frameworks/regulations is top of mind for many companies. As companies start looking at what SLSA can do for them, it is unclear how it maps without...

As a subgroup of OpenSSF, we must think about security first and foremost. I am recommending creating a standard for all of SLSA repositories, builds, and scanning. I know we...

**Describe the bug** Improve repository's OpenSSF Scorecard score (currently at 7.1) **To Reproduce** `docker run -e GITHUB_AUTH_TOKEN gcr.io/openssf/scorecard:stable --show-details --repo=https://github.com/slsa-framework/slsa-github-generator --format=json > scorecard_slsa-framework_slsa-github-generator.json` **Expected behavior** - Branch Protections could be...

type:bug
status:help wanted

Problem: To assist with automation (devops/compliance), need to generate a machine readable format for SLSA Requirements. Propose: - Use v .1 of SLSA Specification to identify accuracy/development of different formats...

maybe-1.0

**Describe the bug** I know this is a demo repository, but if we are expecting people to install on their own systems, we should try to follow security best practices...

EPIC: https://github.com/ossf/wg-supply-chain-integrity/issues/63 Overview: Why do I care about SLSA? _(developer persona)_ ### Abstract: In today's interconnected digital landscape, ensuring the security and integrity of software has become more critical than...

SIG: Positioning

**Description** Positioning SIG would like to create a webinar or video _(may be a series)_ to deep dive into SLSA implementation. _(Length TBD)_ **Background** From [June 14th Meeting](https://docs.google.com/document/d/1yguI9NEmEGM0OQvJi8E0nteo6fU3lxy-qpoq1DQtbhc/edit) Possible option: **Long...

SIG: Positioning
SIG: SLSA
epic

Need to update the list of maintainers for the current SCI WG, as existing list is outdated. ![image](https://github.com/ossf/wg-supply-chain-integrity/assets/101211710/3e924955-ae3b-4823-97b7-f10aff4e949b)

helpwanted
cleanup