Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

document standards for supply chain and code provenance checking #555

Closed
6 tasks
mmguero opened this issue Jan 16, 2025 · 1 comment
Closed
6 tasks

document standards for supply chain and code provenance checking #555

mmguero opened this issue Jan 16, 2025 · 1 comment
Assignees
@mmguero
Labels
doc Relating to Malcolm documentation security Related to issues with bearing on the security of Malcolm itself
Milestone
v25.02.0

Comments

@mmguero
Copy link
Collaborator

mmguero commented Jan 16, 2025

I've been asked to create a document that defines our process for:

  • processes for upstream components as they are updated
    • base docker images and the libraries included in them
    • items installed from official packages (deb, pip, etc.)
    • items built from source
    • standards of trust for upstream providers
  • processes for accepting code submissions (pull requests)
@mmguero mmguero added doc Relating to Malcolm documentation security Related to issues with bearing on the security of Malcolm itself labels Jan 16, 2025
@mmguero mmguero added this to the v25.02.0 milestone Jan 16, 2025
@mmguero mmguero added this to Malcolm Jan 16, 2025
@mmguero mmguero moved this to Todo in Malcolm Jan 16, 2025
@mmguero mmguero self-assigned this Feb 13, 2025
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Feb 14, 2025
@mmguero
cisagov#555, document standards for supply chain and code provenance …
a635f99 
…checking
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Feb 14, 2025
@mmguero
cisagov#555, document standards for supply chain and code provenance …
04ed7df 
…checking
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Feb 14, 2025
@mmguero
cisagov#555, document standards for supply chain and code provenance …
d98a434 
…checking
@mmguero mmguero moved this from Todo to Review in Malcolm Feb 14, 2025
@mmguero
Copy link
Collaborator Author

mmguero commented Feb 18, 2025

done, preview here

@mmguero mmguero closed this as completed Feb 18, 2025
@github-project-automation github-project-automation bot moved this from Review to Done in Malcolm Feb 18, 2025
@mmguero mmguero removed the status in Malcolm Feb 18, 2025
@mmguero mmguero moved this to Done in Malcolm Feb 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
doc Relating to Malcolm documentation security Related to issues with bearing on the security of Malcolm itself
Projects
Malcolm
Status: Done
Milestone
v25.02.0
Development

No branches or pull requests
1 participant
@mmguero