Update threats.md to discuss SLSA Source Track #1187
Labels
Comments
TomHennen
added a commit
to TomHennen/slsa
that referenced
this issue
Oct 14, 2024
Using the same language we have for "Compromise build platform admin". Filed slsa-framework#1187 to track Fixes slsa-framework#1179. Signed-off-by: Tom Hennen <[email protected]>
lehors
added a commit
that referenced
this issue
Oct 16, 2024
…1188) Add mitigation for malicious source platform admin. We didn't have any guidance for this threat. There are a number of ways we may be able to address this in the future via the SLSA Source Track and/or tools like gittuf. However, SLSA doesn't currently address them. This entire section is already labeled as not being handled by SLSA but does still include other mitigations. I'm using the same language we have for "Compromise build platform admin", which seems like the same sort of threat, and should work 'fine' until we have something better. Filed #1187 to track Fixes #1179. --------- Signed-off-by: Tom Hennen <[email protected]> Signed-off-by: Arnaud J Le Hors <[email protected]> Co-authored-by: Arnaud J Le Hors <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There's an entire section in threats.md about the SLSA Source Track. Before we finish the track we should update threats.md to talk about the source track specifically.
The text was updated successfully, but these errors were encountered: