
[Suggestion] Review NPM supply chain proposal and make recommendations

Open lumjjb opened this issue 3 years ago • 2 comments

Description: Review NPM supply chain proposal and make recommendations

Impact: Review the proposal and ensure that it is in line with CNCF supply chain whitepaper and software factory reference architecture.

Scope: A couple of hours from a community member

Additional info:

  • NPM Proposal: https://github.com/npm/rfcs/blob/link-packages-to-source-and-build/accepted/0000-link-packages-to-source-and-build.md
  • Software Factory Ref Arch Paper: https://github.com/cncf/tag-security/blob/main/supply-chain-security/secure-software-factory/Secure_Software_Factory_Whitepaper.pdf
  • Cloud Native Supply Chain Best Practices Paper: https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf

lumjjb avatar Aug 11 '22 20:08 lumjjb

I have been providing feedback myself. I think by and large it's good as a first step. Also, will be setting up some conversations with the leads.

mlieberman85 avatar Aug 11 '22 22:08 mlieberman85

@mlieberman85 any updates on this?

(Just doing this as part of triage in working session)

PushkarJ avatar Sep 21 '22 17:09 PushkarJ

This issue has been automatically marked as inactive because it has not had recent activity.

stale[bot] avatar Nov 23 '22 04:11 stale[bot]

Proposal is now merged

anvega avatar Jun 21 '23 01:06 anvega