ossf/wg-securing-software-repos

Issues

• Add recommednations for package repositories looking to rollout Trusted Publishers

  #45 opened 4 months ago by sethmlarson
  3

• Create "Binary Transparency for Artifact Registries" guide

  #47 opened 4 months ago by haydentherapper
  0

• With "trusted publishers" is there any user-verifiable evidence that a particular pypi package is based on a particular CI workflow?

  #46 opened 5 months ago by nealmcb
  1

• Create "Trusted Publishing for All Package Repositories" Guide

  #42 opened 5 months ago by steiza
  0

• Document recent security capabilities of package repositories, and their funding source

  #39 opened 10 months ago by steiza
  2

• Brainstorm ideas on how to improve "Principles for Package Repository Security" from CISA OSS Summit

  #40 opened 10 months ago by david-a-wheeler
  2

• The Great Artifact Repository Security Audit

  #14 opened 10 months ago by JLLeitschuh
  2

• Produce whitepaper of recommendations for securing package repositories

  #16 opened 2 years ago by znewman01
  8

• Produce cryptographic signing guide for package managers

  #10 opened 2 years ago by znewman01
  2

• Shared Repository Helpdesk Proposal & Feedback

  #9 opened a year ago by bettymakes
  1

• IBM Software Fingerprinting for Supply Chain Security Presentation & Feedback

  #8 opened a year ago by mrutkows
  5

• Link to GitHub team makes governance appear opaque to non-members

  #15 opened a year ago by joshuagl
  12

• Set up wg-securing-software-repos to publish static content

  #19 opened a year ago by steiza
  2