guava icon indicating copy to clipboard operation
guava copied to clipboard

Published 20 hours ago verified publisher icon google

Supply Chain Security

Open sgammon opened this issue 1 year ago • 0 comments

The Java ecosystem would be appreciative if, given Guava's place as the number 4 artifact worldwide, efforts could be made to ship releases with SBOMs, SLSA provenance, and Sigstore support. This will prepare many many downstream projects and libraries for stronger dependency security.

sgammon avatar Mar 08 '24 07:03 sgammon