minder icon indicating copy to clipboard operation
minder copied to clipboard
verified publisher icon stacklok

Check for published SBOM after a release

Open puerco opened this issue 1 year ago • 1 comments

Minder should be able to, at least, check for a published SBOM in the GitHub release assets and/or other well-known locations or by following the breadcrumbs in SECURITY_INSIGHTS.yaml.

puerco avatar Jul 11 '24 07:07 puerco

This is proposed as SA-11 in https://github.com/ossf/security-baseline/pull/163

evankanderson avatar Jan 28 '25 14:01 evankanderson