Share your community's best practices that might be applicable to other projects.


CI/CD best practices

  • Automating rejection of insecure merges (planned PoC in ONAP)

Software Bill Of Materials (SBOM)


Software packaging

How to secure the supply chain? Signing and authentication. Are there common ways to package software in the LF? There are differences in tooling that depend on things like the programming language. There may not be one tool that fits all.

How to test security (as part of CI/CD)?

How to manage dependencies?

  • Direct dependencies are simpler
  • Indirect dependencies may be more tricky
  • How to automate the mitigation?