
CI/CD (Infrastructure) Bill of Material

Open bajpaigarima opened this issue 2 years ago • 2 comments

  • A CI/CD Bill of Materials can be used to support the systematic review of known security vulnerabilities in open source components and approval of each component’s

  • A CI/CD BOM is useful both to the builder (manufacturer) and the buyer (customer) of a software product

  • Cyber Supply Chain Management and Transparency Act of 2014[10] was US legislation that proposed to require government agencies to obtain SBOMs for any new products they purchase, so it can help CI/CD consumers and producers

bajpaigarima avatar Mar 24 '22 11:03 bajpaigarima

This would likely combine well with a post/subsection on transparency logs: the ability to provide a historic, tamper-resistant view of not just the SBOM but attestations on testing, validation and build process, as well as combining with the automation to prevent unsigned resources from being runnable.

kcollasarundell avatar Mar 29 '22 23:03 kcollasarundell
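To make the idea in the comment above concrete, here is a small added sketch (editor's example, not code from this issue, its commenters, or any project they mention) of the two pieces it describes: a hash-chained, append-only transparency log that stores SBOM and attestation records for an artifact, and an admission gate that refuses to run anything whose attestation is missing or fails verification. The artifact digests, component names, builder identity and the HMAC signing key are all constructed placeholders; a real pipeline would sign attestations with asymmetric keys (e.g. Sigstore/cosign) and verify with the public key.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the demo; a real pipeline would sign with
# asymmetric keys and verify with the corresponding public key.
BUILDER_KEY = b"constructed-builder-key"

GENESIS = "0" * 64  # previous-hash value for the first log entry


def canonical(obj):
    """Deterministic JSON encoding so hashes and signatures are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(payload):
    """Builder signs a statement (HMAC stands in for a real signature)."""
    return hmac.new(BUILDER_KEY, canonical(payload), hashlib.sha256).hexdigest()


def signature_valid(payload, sig):
    return hmac.compare_digest(sign(payload), sig)


class TransparencyLog:
    """Append-only, hash-chained log of SBOM and attestation records.

    Each entry's hash covers the previous entry's hash, so editing or
    removing any earlier record breaks every hash after it.
    """

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = hashlib.sha256(prev.encode() + canonical(record)).hexdigest()
        self.entries.append({"index": len(self.entries), "prev": prev,
                             "record": record, "hash": h})
        return h

    def verify(self):
        """Recompute the chain; return (ok, index of first bad entry or None)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            expected = hashlib.sha256(prev.encode() + canonical(e["record"])).hexdigest()
            if e["index"] != i or e["prev"] != prev or e["hash"] != expected:
                return False, i
            prev = e["hash"]
        return True, None

    def history(self, artifact):
        """Every record ever logged for an artifact, oldest first."""
        return [e["record"] for e in self.entries
                if e["record"].get("artifact") == artifact]


def admit(log, artifact):
    """Admission gate: allow the artifact only if the log is intact and holds
    both an SBOM and a validly signed, passing attestation for it."""
    ok, _ = log.verify()
    if not ok:
        return False
    records = log.history(artifact)
    has_sbom = any(r["type"] == "sbom" for r in records)
    attested = any(
        r["type"] == "attestation"
        and signature_valid(r["statement"], r["signature"])
        and r["statement"].get("tests") == "passed"
        for r in records
    )
    return has_sbom and attested


def build_demo_log():
    """Constructed records for two artifacts: one fully attested, one not."""
    log = TransparencyLog()
    good = "sha256:1111"  # constructed artifact digest
    bad = "sha256:2222"   # constructed artifact digest, never attested
    log.append({"type": "sbom", "artifact": good,
                "components": [{"name": "liba", "version": "1.2.3"}]})
    statement = {"artifact": good, "builder": "ci-runner-7", "tests": "passed"}
    log.append({"type": "attestation", "artifact": good,
                "statement": statement, "signature": sign(statement)})
    log.append({"type": "sbom", "artifact": bad,
                "components": [{"name": "libb", "version": "0.9"}]})
    return log, good, bad


def tamper_demo():
    """Rewrite an older record in place; the chain check reports entry 1."""
    log, good, _ = build_demo_log()
    log.entries[1]["record"]["statement"]["tests"] = "skipped"  # forged edit
    return log.verify()


if __name__ == "__main__":
    log, good, bad = build_demo_log()
    print("chain intact:", log.verify())        # (True, None)
    print("admit attested:", admit(log, good))   # True
    print("admit unattested:", admit(log, bad))  # False
    print("after tampering:", tamper_demo())     # (False, 1)
```

The point of the chain is the "historic" part of the comment: an operator can always replay the log and reconstruct what was attested about an artifact at the time, and a later rewrite of an old SBOM or test result is detectable without trusting the log server. The gate is the "automation" part: it runs only over log state that verifies, so a tampered log fails closed rather than admitting whatever the edited records now claim.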

@Saim-Safdar can help connect with Tracy Ragan and Steve Taylor on this.

bradmccoydev avatar Jul 22 '22 15:07 bradmccoydev