document standards for supply chain and code provenance checking #555

Open
6 tasks
mmguero opened this issue Jan 16, 2025 · 0 comments
Labels
doc Relating to Malcolm documentation security Related to issues with bearing on the security of Malcolm itself
Comments

@mmguero
Collaborator

mmguero commented Jan 16, 2025

I've been asked to create a document that defines our process for:

  • processes for upstream components as they are updated
    • base docker images and the libraries included in them
    • items installed from official packages (deb, pip, etc.)
    • items built from source
    • standards of trust for upstream providers
  • processes for accepting code submissions (pull requests)
@mmguero mmguero added doc Relating to Malcolm documentation security Related to issues with bearing on the security of Malcolm itself labels Jan 16, 2025
@mmguero mmguero added this to the v25.02.0 milestone Jan 16, 2025
@mmguero mmguero added this to Malcolm Jan 16, 2025
@mmguero mmguero moved this to Todo in Malcolm Jan 16, 2025