Improve supplychain security in the build service
an idea by kbabioch
Updated over 4 years ago. 1 hackers ♥️. 1 follower. Has no hacker: grab it!

In the past I've worked on a set of scripts to identify potential for improvement of the supply chain within our build service. For now RPM files can be scanned for unused signature files that are available upstream and look for potentially unused https:// links, although they are available.

These scripts work on a prototype-basis, but there is a lot of follow-up work to do, e.g.:

  • Re-structuring and tidying up the source
  • Improve the API of the libraries
  • Implement advanced features (look through all of the existing # TODO comments)
  • Add test cases to make scripts and libraries more robust
  • Move from GitHub to internal GitLab instance
  • Implement robust continuous integration
  • Create script that will scan through the (Factory) source tree on a regular basis

No Hackers yet

Join this project

Looking for hackers with the skills:

programming python security coding ci infrastructure script

This project is part of:

Hack Week 17

Activity

  • over 4 years ago: isaacschwartzman left this project.
  • over 4 years ago: isaacschwartzman started this project.
  • over 5 years ago: kbabioch liked this project.
  • over 5 years ago: kbabioch added keyword "script" to this project.
  • over 5 years ago: kbabioch added keyword "python" to this project.
  • over 5 years ago: kbabioch added keyword "security" to this project.
  • over 5 years ago: kbabioch added keyword "coding" to this project.
  • over 5 years ago: kbabioch added keyword "ci" to this project.
  • over 5 years ago: kbabioch added keyword "infrastructure" to this project.
  • over 5 years ago: kbabioch added keyword "programming" to this project.
  • over 5 years ago: kbabioch originated this project.


    • Comments

    Be the first to comment!

    Similar Projects

    Script that loads dummy data into HANA database for testing purposes. by rangelino

    [comment]: # (Please use the project descriptio...

    Forklift - Text based GUI utility for dealing with containers by andreabenini

    [comment]: # (Please use the project descriptio...

    Grab precise changes in log file/s between system events by smhalas

    [comment]: # (Please use the project descriptio...

    A quantum physics experiment puzzle (designed with Google's CP-SAT solver) by moio

    [![link to video player demoing the result](htt...

    Testing and adding GNU/Linux distributions on Uyuni by juliogonzalezgil

    Join the Gitter channel! [https://gitter.im/uy...

    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...

    Predefined app security policy template for NeuVector by feih

    Project Description

    Idea is to predefin...

    Port NeuVector zero-trust security functions to host/VM by feih

    Project Description

    Today, NeuVector on...

    Package MONAI Machine Learning Models for Medical Applications by jordimassaguerpla

    Project Description

    MONAI Deploy aims to ...

    Test Results for openQA on GitHub by livdywan

    Project Description

    Jobs in openQA are us...