[SUPPLY-CHAIN] Supply chain security #1344

Open
philipandersson opened this issue Mar 31, 2023 · 0 comments
Labels
Epic Issues container Project: DEV-PROC Superfluid development processes related to DevSecOps, Quality and InfoSec. Tag: Idea Raw idea, questions, thoughts and brainstorming notes Type: Security Security related system improvements

Comments

@philipandersson

Right now we don't have enough measures to mitigate supply chain security. To make sure we are not vulnerable due to third-party code, we should integrate some checks for known security issues/vulns.

Two paths that we could explore:

In addition to this, we should utilize Dependabot to make sure we are applying security updates & patches. Dependabot can scan our dependencies and open a PR with the security update needed.

@philipandersson philipandersson added Team: Protocol Protocol Core, Sentinel, Peripherals, Protocol Infrastructure Tools & DevOps Type: Security Security related system improvements labels Mar 31, 2023
@hellwolf hellwolf added the Tag: Idea Raw idea, questions, thoughts and brainstorming notes label Sep 27, 2023
@hellwolf hellwolf added the Project: DEV-PROC Superfluid development processes related to DevSecOps, Quality and InfoSec. label Jan 18, 2024
@hellwolf hellwolf added Epic Issues container and removed Team: Protocol Protocol Core, Sentinel, Peripherals, Protocol Infrastructure Tools & DevOps labels Mar 11, 2024
@hellwolf hellwolf changed the title [SECURITY] Supply chain security [SUPPLY-CHAIN] Supply chain security Sep 2, 2024