Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Software Supply Chain Best Practices v2 markdown #1396

Merged
merged 19 commits into from
Nov 8, 2024
Merged

Add Software Supply Chain Best Practices v2 markdown #1396

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
d4e9b36
Add Software Supply Chain Best Practices v2 markdown
mnm678 Oct 29, 2024
5fa27e6
linting fixes
mnm678 Oct 30, 2024
6e0c8b5
More linting fixes
mnm678 Oct 31, 2024
ad6b8f2
fix links
mnm678 Oct 31, 2024
530a88c
Fix links and spelling
mnm678 Oct 31, 2024
269966f
Add Software Supply Chain Best Practices v2 markdown
mnm678 Oct 29, 2024
44a0faf
linting fixes
mnm678 Oct 30, 2024
fa524dd
More linting fixes
mnm678 Oct 31, 2024
a185908
fix links
mnm678 Oct 31, 2024
2b44ba8
Fix links and spelling
mnm678 Oct 31, 2024
aec64fe
lint fix
mnm678 Nov 4, 2024
d773f67
Merge branch 'SSCSWPv2' of github.com:mnm678/tag-security into SSCSWPv2
mnm678 Nov 4, 2024
4e430e1
Apply suggestions from code review
mnm678 Nov 6, 2024
05cae01
formatting and grammar fixes
mnm678 Nov 6, 2024
6d5d8cf
Update community/working-groups/supply-chain-security/suply-chain-sec…
mnm678 Nov 6, 2024
a38138c
formatting
mnm678 Nov 6, 2024
7ce3ade
Merge branch 'main' into SSCSWPv2
mnm678 Nov 8, 2024
3315fd8
Merge branch 'SSCSWPv2' of github.com:mnm678/tag-security into SSCSWPv2
mnm678 Nov 8, 2024
035f152
Merge branch 'main' into SSCSWPv2
mnm678 Nov 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions ci/spelling-config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,22 @@
"Aniszczyk",
"antifragile",
"APAC",
"architecting",
"archives",
"Archivista",
"ARMO",
"ATT&CK",
"backdoors",
"Benedictis",
"Bottlerocket",
"buildinfo",
"Buildpacks",
"BYOK",
"Cappos",
"cgroups",
"chainguard",
"cisecurity",
"CISA",
"CISO",
"cloudcustodian",
"CLOMonitor",
Expand All @@ -46,11 +51,15 @@
"cybercriminals",
"DAAS",
"DAST",
"DBIR",
"ddos",
"DFIR",
"Diffoscope",
"Dockerfiles",
"dynatrace",
"EIOPA",
"EMEA",
"EPSS",
"ESMA",
"exfiltrate",
"exfiltration",
Expand All @@ -67,6 +76,7 @@
"gconv",
"gitsign",
"gittuf",
"Grafeas",
"GUAC",
"helm",
"HIPAA",
Expand All @@ -85,6 +95,7 @@
"KETRMAX",
"keycloak",
"Kjell",
"Kritis",
"Kube",
"kubecon",
"Kubernetes",
Expand All @@ -106,6 +117,7 @@
"minimalistic",
"mitigations",
"MSSP",
"MTTR",
"NACLs",
"netgroupcache",
"oidc",
Expand All @@ -121,6 +133,8 @@
"pcre",
"PEAR",
"pearweb",
"Peribolos",
"Petya",
"PHP",
"Pronin",
"protobuf",
Expand All @@ -130,9 +144,15 @@
"Razzak",
"RBAC",
"RCOS",
"rebuilder",
"Rebuilderd",
"refreshable",
"Rego",
"relatability",
"renovatebot",
"Rensselaer",
"Roadmap",
"RSTUF",
"runtimes",
"sandboxed",
"sandboxing",
Expand All @@ -144,6 +164,7 @@
"semgrep",
"Sergey",
"Shlomo",
"SIEM",
"Sigstore",
"SLSA",
"snyk",
Expand All @@ -160,13 +181,15 @@
"Syft",
"syscall",
"TAR",
"Tekton",
"timeframe",
"TOCTOU",
"toolset",
"triage",
"triaged",
"triaging",
"trojanized",
"trufflehog",
"TTPS",
"Twintag",
"unencrypted",
Expand All @@ -177,6 +200,7 @@
"urllib",
"usecase",
"venv",
"vexy",
"Virtool",
"Wolt",
"Yubi",
Expand Down
1 change: 1 addition & 0 deletions community/publications/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ This document lists all the publications and resources that TAG Security has pro
| | OPA | Markdown | [Link](/community/assessments/projects/opa) |
| | Spiffe-Spire | Markdown | [Link](/community/assessments/projects/spiffe-spire) |
| **Supply Chain Security** | | | |
| | Software Supply Chain Best Practices v2 | Markdown | [Link](/community/working-groups/supply-chain-security/supply-chain-security-paper-v2/SSCBPv2.md) |
| | Software Supply Chain Best Practices | Markdown | [Link](/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp.md) |
| | | PDF | [Link](/community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf) |
| | Evaluating your supply chain security | Markdown | [Link](/community/working-groups/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md) |
Expand Down
16 changes: 16 additions & 0 deletions ...ty/working-groups/supply-chain-security/suply-chain-security-paper-v2/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# Software Supply Chain Best Practices v2

## About

This is an update to the Software Supply Chain Best Practices whitepaper that accounts for how the field has evolved.
The paper adds descriptions of personas to help guide the reader to relevant parts of the paper, and updates descriptions of the software supply chain best practices.

## Updates

Minor updates (typo fixes, etc) will be accepted to the markdown version of this paper.

Larger updates may be proposed, but may be pushed to a future version of the paper.

## Markdown

The [markdown](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper-v2/SSCBPv2.md) file is available in the repository.
Loading