Securing Software Repositories

Motivation

This working group is for, and focuses on, the maintainers of software repositories, software registries, and the tools that rely on them, at every level: system, language, plugin, extension, and container ecosystems. It provides a forum to share experiences and to discuss shared problems, risks, and threats.

Objective

  • Enable faster cross-pollination of existing ideas across ecosystems (including technical measures, infrastructure approaches, and policies)

  • Act as a clearinghouse for new ideas that could benefit multiple ecosystems
  • Enable maintainers to better align and coordinate policies and changes between different ecosystems
  • Identify and escalate needs for infrastructure and assistance for shared tooling and/or services, to be filled by supportive or sponsoring organizations such as the OpenSSF
  • Develop methods for sharing data related to software repositories, software registries, and tools which rely on them
  • Delegate solving particular problems and goals to subgroups or other workgroups as appropriate

The working group may create:

  • Normative, non-binding recommendations on common schemas
  • Descriptive documentation of experiences and best practices