Merge branch 'main' into update-openfga-self-assessment
aaguiarz authored Nov 9, 2024
2 parents ef4da58 + b702fe6 commit 04ee2ea
Showing 4 changed files with 1,286 additions and 0 deletions.
24 changes: 24 additions & 0 deletions ci/spelling-config.json
Expand Up @@ -13,17 +13,22 @@
"Aniszczyk",
"antifragile",
"APAC",
"architecting",
"archives",
"Archivista",
"ARMO",
"ATT&CK",
"backdoors",
"Benedictis",
"Bottlerocket",
"buildinfo",
"Buildpacks",
"BYOK",
"Cappos",
"cgroups",
"chainguard",
"cisecurity",
"CISA",
"CISO",
"cloudcustodian",
"CLOMonitor",
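Review bot: "cisecurity" sits before "CISA" and "CISO" in this hunk, which breaks the case-insensitive alphabetical order the rest of the list follows ("Cappos", "cgroups", "chainguard", ...). Place it between "CISA" and "CISO" so later additions are easy to slot in and duplicates are easy to spot in review.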
Expand All @@ -46,11 +51,15 @@
"cybercriminals",
"DAAS",
"DAST",
"DBIR",
"ddos",
"DFIR",
"Diffoscope",
"Dockerfiles",
"dynatrace",
"EIOPA",
"EMEA",
"EPSS",
"ESMA",
"exfiltrate",
"exfiltration",
Expand All @@ -67,6 +76,7 @@
"gconv",
"gitsign",
"gittuf",
"Grafeas",
"GUAC",
"helm",
"HIPAA",
Expand All @@ -85,6 +95,7 @@
"KETRMAX",
"keycloak",
"Kjell",
"Kritis",
"Kube",
"kubecon",
"Kubernetes",
Expand All @@ -106,6 +117,7 @@
"minimalistic",
"mitigations",
"MSSP",
"MTTR",
"NACLs",
"netgroupcache",
"oidc",
Expand All @@ -121,6 +133,8 @@
"pcre",
"PEAR",
"pearweb",
"Peribolos",
"Petya",
"PHP",
"Pronin",
"protobuf",
Expand All @@ -130,9 +144,15 @@
"Razzak",
"RBAC",
"RCOS",
"rebuilder",
"Rebuilderd",
"refreshable",
"Rego",
"relatability",
"renovatebot",
"Rensselaer",
"Roadmap",
"RSTUF",
"runtimes",
"sandboxed",
"sandboxing",
Expand All @@ -144,6 +164,7 @@
"semgrep",
"Sergey",
"Shlomo",
"SIEM",
"Sigstore",
"SLSA",
"snyk",
Expand All @@ -160,13 +181,15 @@
"Syft",
"syscall",
"TAR",
"Tekton",
"timeframe",
"TOCTOU",
"toolset",
"triage",
"triaged",
"triaging",
"trojanized",
"trufflehog",
"TTPS",
"Twintag",
"unencrypted",
Expand All @@ -177,6 +200,7 @@
"urllib",
"usecase",
"venv",
"vexy",
"Virtool",
"Wolt",
"Yubi",
1 change: 1 addition & 0 deletions community/publications/README.md
Expand Up @@ -28,6 +28,7 @@ This document lists all the publications and resources that TAG Security has pro
| | OPA | Markdown | [Link](/community/assessments/projects/opa) |
| | Spiffe-Spire | Markdown | [Link](/community/assessments/projects/spiffe-spire) |
| **Supply Chain Security** | | | |
| | Software Supply Chain Best Practices v2 | Markdown | [Link](/community/working-groups/supply-chain-security/supply-chain-security-paper-v2/SSCBPv2.md) |
| | Software Supply Chain Best Practices | Markdown | [Link](/community/working-groups/supply-chain-security/supply-chain-security-paper/sscsp.md) |
| | | PDF | [Link](/community/working-groups/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf) |
| | Evaluating your supply chain security | Markdown | [Link](/community/working-groups/supply-chain-security/supply-chain-security-paper/secure-supply-chain-assessment.md) |
@@ -0,0 +1,16 @@
# Software Supply Chain Best Practices v2

## About

This is an update to the Software Supply Chain Best Practices whitepaper that accounts for how the field has evolved.
The paper adds descriptions of personas to help guide the reader to relevant parts of the paper, and updates descriptions of the software supply chain best practices.

## Updates

Minor updates (typo fixes, etc) will be accepted to the markdown version of this paper.

Larger updates may be proposed, but may be pushed to a future version of the paper.

## Markdown

The [markdown](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper-v2/SSCBPv2.md) file is available in the repository.
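Review bot: The link under "## Markdown" uses the path `supply-chain-security/supply-chain-security-paper-v2/SSCBPv2.md` at the repository root, while the row added to community/publications/README.md in this same commit points at `/community/working-groups/supply-chain-security/supply-chain-security-paper-v2/SSCBPv2.md`. The two paths disagree, so confirm which one exists on main and consider a relative link to `SSCBPv2.md` here, which keeps working if the directory is moved again. In the "## Updates" section, "etc" also needs its trailing period.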