CNCF Supply Chain Security Survey
Supply chain attacks are on the rise. Open source maintainers must take action to mitigate the risk of compromise by securing the build infrastructure of their projects commensurately with that risk.
To help mitigate the impact of these attacks, the CNCF TAG Security group has created the CNCF Software Supply Chain Security Best Practices and the corresponding Secure Software Factory reference architecture. The goal of CNCF TAG Security’s Supply Chain Security WG is to help open source organizations and projects evaluate gaps in their current software supply chain and provide a path forward to remediate them based on the best practices and reference architecture.
As part of a concerted effort from the CNCF to help maintainers bridge this gap, TAG Security is conducting this survey as a first step toward a deeper understanding of the supply chain challenges that project maintainers face, and from there to formulate how best to engage and help.
These questions refer to your organization or project: