Check out some of the initiatives across the board: https://github.com/ossf (Lot... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

thenerdhead on May 7, 2022 | parent | context | favorite | on: Unauthorized gem takeover for some gems

Check out some of the initiatives across the board:

https://github.com/ossf (Lots of WG and efforts such as package analysis, scorecards, etc)

https://deps.dev/ (Implements OSSF scorecard)

jacques_chester on May 8, 2022 [–]

In particular, check out the Securing Software Repos WG: https://github.com/ossf/wg-securing-software-repos

So far folks have turned up from RubyGems, PyPI, NPM, Maven Central, Gradle, Drupal and I'm probably forgotten someone.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact