Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.
samwhite-gl/wg-supply-chain-integrity
Supply Chain Integrity WG

Objective

The objective of the Supply Chain Integrity Working Group (WG) is to provide a global community for collaborating to help individuals and organizations assess and improve the security of end-to-end supply chains for open source software.

Motivation

Supply chain issues and attacks cause significant damage worldwide including lost revenue, costs of ransomware payments, costs of mitigation, denial of access to resources, reduced customer trust, and public deception. As a matter of public trust, governments are beginning to mandate actions aimed at improving the security and integrity of supply chains. The US White House Executive Order on Improving the Nation’s Cybersecurity is one such example.

Communications

We have a public email list available here: https://lists.openssf.org/g/openssf-supply-chain-integrity

See Google Groups for the past archive: https://groups.google.com/forum/#!forum/ossf-wg-developer-identity

You can also join our Slack channel at https://openssf.slack.com/messages/wg_supply_chain_integrity

Meetings

The working group meets every other Wednesday at 9 AM Pacific. The public calendar is available here: https://calendar.google.com/calendar/r?cid=czYzdm9lZmhwNWk5cGZsdGI1cTY3bmdwZXNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ

Subscribe to the calendar for meeting details.

Meeting Notes and Agendas are available on Google Drive. (Join the group listed under communications to edit.)

Documents

Documents for the working group can be found in the following Google Drive location: https://drive.google.com/drive/folders/14VpLCYYAEZt1OQn490ajBg28TKXNPuUJ?usp=sharing

Documents include the following:

Activities

Governance

This WG is chaired by Kim Lewandowski and Dan Lorenc.

Working Group operations are consistent with the standard operating guidelines provided by the OSSF Technical Advisory Committee (TAC).

Full details of process and roles are linked from the governance README.

Antitrust policy

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
