Innovative Supply Chain Security for Enterprise Cloud Platform Service
This blog explores how Guidewire Cloud Platform is using and collaborating with GUAC.
OpenSSF
OpenSSF Newsletter – August 2024
Welcome to the August 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar. Take: Developing Secure Software (LFD121) Attend: SOSS Community Day EU Sponsor: SOSS Fusion
A Bird’s-Eye View of LFD 121 (Developing Secure Software) — and Why Every Developer Should Take It
Software security has continued to grow in importance. The Linux Foundation has undertaken various initiatives around open source software security, such as the Open Source Security Foundation (OpenSSF)—–a full list of initiatives is available on LF Security.
GUAC v0.8.0 Released
GUAC v0.8.0 is now available. This release brings support for license information, node deletion, and many other improvements.
Announcing SigstoreCon: Supply Chain Day!
Join us for SigstoreCon: Supply Chain Day! Co-located with Kubecon NA 2024 in Salt Lake City, attendees will learn about simplifying signing and verification for digital artifacts using Sigstore, as well as related software supply chain efforts such as SLSA, The Update Framework, binary transparency, and more! CFP deadline is September 13.
Mitigating Attack Vectors in GitHub Workflows
GitHub Actions are commonly used to automate processes in repositories, by running CI (continuous integration) tests on pull requests for example. It can also be used to make a package release process more secure just by making it automated. But, it is important to be careful to ensure that they are safe and do not…
Call for Proposals: SOSS Community Day Japan 2024
We are excited to announce that the OpenSSF is hosting Security of Open Source Software (SOSS) Community Day Japan 2024, scheduled for Wednesday, October 30, 2024. This one-day event will take place in Tokyo, Japan, and the call for proposals (CFP) is now open.
What’s Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability
In July, a historic moment took place for open source, where it took center stage at the two-day "OSPOs for Good" symposium at the United Nations. Co-hosted by Kenya and Germany, experts from the worlds of open source, government, and NGOs came together to learn and share how open source is being used to address global…
OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF
In July, Open Source Security Foundation (OpenSSF) participated in three key events that highlight its dedication to enhancing open source software security for the global public good: the United Nations OSPOs for Good 2024 Conference and the What’s Next for Open Source? Workshops both in New York City, as well as the OECD Global Forum…
New Guide for Package Repositories to Adopt Trusted Publishers
By Seth Michael Larson The Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group (WG) has just released a new guide for maintainers of open source software repositories. The...