What is the proposed Cheat Sheet about?
The CS will provide an overview of SSCS, its relevance to developers, and practical guidance on improving the security of SSCs.
What security issues are commonly encountered related to this area?
Known vulnerable components used to build software
Using compromised or insecure third-party services or tools to develop, build, deliver, or otherwise manage software (which may not necessarily be "built" into the software as in the above)
Compromise of build script or processes
Compromise of code repositories or packages
Compromise of deployment processes or runtime environment (such as pulling a malicious update)
What is the objective of the Cheat Sheet?
The main objectives of the cheatsheet are: (1) provide an understanding of the various components which comprise the SSC, (2) identify common threats to the SSC, and (3) provide practical guidance on how developers can mitigate SSC risk.
EbonyAdder added the ACK_WAITING, HELP_WANTED and NEW_CS labels on Mar 9, 2024
Looks awesome, do you want to work on PR @EbonyAdder?
mackowski added the ACK_OBTAINED label and removed the ACK_WAITING label on Mar 11, 2024
What other resources exist in this area?