Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Supply Chain Security #7088

Open
sgammon opened this issue Mar 8, 2024 · 0 comments · May be fixed by #7089
Open

Supply Chain Security #7088

sgammon opened this issue Mar 8, 2024 · 0 comments · May be fixed by #7089
Assignees
@cpovirk
Labels
P3 package=general type=other Miscellaneous activities not covered by other type= labels

Comments

@sgammon
Copy link
Contributor

sgammon commented Mar 8, 2024
edited

The Java ecosystem would be appreciative if, given Guava's place as the number 4 artifact worldwide, efforts could be made to ship releases with SBOMs, SLSA provenance, and Sigstore support. This will prepare many many downstream projects and libraries for stronger dependency security.
@sgammon sgammon linked a pull request Mar 8, 2024 that will close this issue
Open
@netdpb netdpb added type=other Miscellaneous activities not covered by other type= labels package=general P3 labels Mar 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cpovirk cpovirk

Labels
P3 package=general type=other Miscellaneous activities not covered by other type= labels
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(ci): improvements to gha workflows sgammon/guava
3 participants
@sgammon @cpovirk @netdpb