In the past I've worked on a set of scripts to identify potential for improvement of the supply chain within our build service. For now, RPM files can be scanned for signature files that are available upstream but unused, and for https:// links that are available but potentially unused.

These scripts work on a prototype basis, but there is a lot of follow-up work to do, e.g.:

  • Restructure and tidy up the source
  • Improve the API of the libraries
  • Implement advanced features (look through all of the existing # TODO comments)
  • Add test cases to make scripts and libraries more robust
  • Move from GitHub to an internal GitLab instance
  • Implement robust continuous integration
  • Create a script that will scan through the (Factory) source tree on a regular basis
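
The two checks described at the top of this page can be sketched as follows. This is an added example, not code from the project's scripts: it reads a spec file and builds the list of https:// upgrades and upstream signature URLs worth probing, leaving the network check out so it runs offline. The sample spec, the function names and the signature suffix list are assumptions.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Constructed sample spec fragment (not taken from a real package).
SAMPLE_SPEC = """\
Name:           example
Version:        1.2.3
URL:            http://example.org/
Source0:        http://example.org/releases/%{name}-%{version}.tar.gz
Source1:        https://example.org/releases/other-%{version}.tar.xz
Source2:        https://example.org/releases/other-%{version}.tar.xz.asc
Source3:        local-fix.patch
"""

TAG_RE = re.compile(r"^(Source\d*|URL)[ \t]*:[ \t]*(\S+)", re.I | re.M)
MACRO_RE = re.compile(r"^(Name|Version)[ \t]*:[ \t]*(\S+)", re.I | re.M)
SIG_SUFFIXES = (".asc", ".sig", ".sign")  # assumption: common upstream naming


def expand(value, macros):
    """Expand only %{name} and %{version}; other macros are left untouched."""
    return re.sub(r"%\{(\w+)\}",
                  lambda m: macros.get(m.group(1).lower(), m.group(0)), value)


def candidates(spec_text):
    """Return (https_candidates, sig_candidates) to probe upstream later."""
    macros = {k.lower(): v for k, v in MACRO_RE.findall(spec_text)}
    tags = [(t.lower(), expand(v, macros)) for t, v in TAG_RE.findall(spec_text)]
    # Plain http:// links, rewritten to the https:// form that should be tested.
    https_candidates = ["https://" + v[len("http://"):]
                        for _, v in tags if v.lower().startswith("http://")]
    sources = [v for t, v in tags if t.startswith("source")]
    listed = {posixpath.basename(urlsplit(v).path) for v in sources}
    sig_candidates = {}
    for src in sources:
        if urlsplit(src).scheme not in ("http", "https") or src.endswith(SIG_SUFFIXES):
            continue  # local files and signatures themselves need no signature
        name = posixpath.basename(urlsplit(src).path)
        # A signature may be listed as a URL or as a local file: match by name.
        if not any(name + s in listed for s in SIG_SUFFIXES):
            sig_candidates[src] = [src + s for s in SIG_SUFFIXES]
    return https_candidates, sig_candidates


if __name__ == "__main__":
    https_urls, sig_urls = candidates(SAMPLE_SPEC)
    print("try https:", https_urls)
    print("try signatures:", sig_urls)
```

A candidate only becomes a finding once the probed URL actually exists upstream; a signature found this way still has to be verified against a keyring the packager trusts before it adds anything.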

Looking for hackers with the skills:

programming python security coding ci infrastructure script

This project is part of:

Hack Week 17
