Improve supplychain security in the build service
an idea by kbabioch
Updated almost 2 years ago. 1 hackers ♥️. 1 follower. Has no hacker: grab it!

In the past I've worked on a set of scripts to identify potential for improvement of the supply chain within our build service. For now RPM files can be scanned for unused signature files that are available upstream and look for potentially unused https:// links, although they are available.

These scripts work on a prototype-basis, but there is a lot of follow-up work to do, e.g.:

  • Re-structuring and tidying up the source
  • Improve the API of the libraries
  • Implement advanced features (look through all of the existing # TODO comments)
  • Add test cases to make scripts and libraries more robust
  • Move from GitHub to internal GitLab instance
  • Implement robust continuous integration
  • Create script that will scan through the (Factory) source tree on a regular basis

No Hackers yet

Join this project

Looking for hackers with the skills:

programming python security coding ci infrastructure script

This project is part of:

Hack Week 17

Activity

  • almost 2 years ago: isaacschwartzman left this project.
  • almost 2 years ago: isaacschwartzman started this project.
  • about 3 years ago: kbabioch liked this project.
  • about 3 years ago: kbabioch added keyword "script" to this project.
  • about 3 years ago: kbabioch added keyword "python" to this project.
  • about 3 years ago: kbabioch added keyword "security" to this project.
  • about 3 years ago: kbabioch added keyword "coding" to this project.
  • about 3 years ago: kbabioch added keyword "ci" to this project.
  • about 3 years ago: kbabioch added keyword "infrastructure" to this project.
  • about 3 years ago: kbabioch added keyword "programming" to this project.

    • All Activity

    Comments

    Be the first to comment!

    Similar Projects

    Language Server Protocol implementation for Salt States by cbosdonnat

    [Language Server Protocol](https://microsoft.gi...

    YAML 1.2 Schema support for PyYAML by tinita

    [comment]: # (Please use the project descriptio...

    Learn python, python-gtk3, play with orangepi zero, experiment ili9341 and 20x4 LCD screen by aginies

    Project Description

    Learn python: get dat...

    Develop a monitoring system with web frontend for virtualization servers by nzhang

    [comment]: # (Please use the project descriptio...

    Build Microservice Architecture with Kubernetes by aqsa_malik

    Project Description

    The aim of the project ...

    Dawnscanner: revive the project and create an RPM package by pperego

    [comment]: # (Please use the project descriptio...

    Kanidm - A modern opensource IDM by firstyear

    Project Description

    Kanidm is a modern, fas...

    Make geekos app available in SUSE EKS cluster by digitaltomm

    The current [geekos install](http://geekos.prv....

    multipath-tools: improve CI by mwilck

    Project Description

    multipath-tools is ...

    Predictive test selection for SUSE Manager by jordimassaguerpla

    I once had a bad dream.

    I started good, a su...

    Improve openSUSE infrastructure by lrupp

    There is always something to do if you run the ...