I would like to make some improvements regarding release management. This involves several software supply chain security improvements:

- Creating a changelog with every release
- Creating an SBOM (Software Bill of Materials) for every release
- Creating signed releases with the Chainguard stack

An example project for such a project can be found here: https://github.com/shibumi/secure-supply-chain-example
Would be nice if we manage to be SLSA compliant with our releases.