Supply Chain Security & 3rd-Party Code Packages
jameszwiers opened this issue · 0 comments
jameszwiers commented
We should be defining best practice around how we review and validate the origin of 3rd-party code that we make use of.
We need to consider areas ranging from:
- Which types of repos we might consider sourcing from
- File signature verification
- Code reviews
There are likely other matters that need to be considered, and we should definitely ask Cyber for input as well.