ossf/tac

Share OSSF project inventory with downstream consumers for incident response

Closed this issue · 1 comments

After all the projects are done self-identifying the initial stage they are in, I propose we adjust the incubating project lifecycle to post an SBOM on their GitHub repo, keep updating it with some frequency, and include a purl for software identification.

Closing due to lack of progress.