Skip to content

Latest commit

 

History

History
409 lines (313 loc) · 15.1 KB

meetings.md

File metadata and controls

409 lines (313 loc) · 15.1 KB
tags: SIG Software Supply Chain

CDF Software Supply Chain SIG Meetings

HacmKD documents

Quick links

Logistics

Agenda and Notes

Meeting agenda and notes are kept on HackMD.io where everyone can add new topics to the agenda for upcoming meetings or take notes during the meetings. Please click edit button to edit the document.

August 25, 2022

Participants

  • Ankit, Berkshire grey
  • Osama Magdy, Jenkins X
  • Rajat Gupta, Jenkins X
  • Justin Abrahms, eBay, CDF TOC/Board/SIG-Interoperability
  • Brett Smith, SAS
  • Emil Bäckmark, Ericsson, CDEvents
  • Fatih Degirmenci, CDF
  • Kara de la Marck, CDF
  • Rajat Gupta
  • Tharwat Abou-Helal
  • David Bendory, Google
  • David Espejo,
  • Hergy Tchuinkou,
  • Parth Patel, Kusari
  • Georg Kunz, Ericsson

Agenda and Notes

  • Action Item Review, All
  • Supply Chain Security Journey for Jenkins X - Now and Beyond, Osama Magdy, Jenkins X
  • Supply Chain Maturity Model, David Bendory, Google
    • Context: slack msg
    • https://github.com/ossf/scorecard
    • Code Health Project Score ("CHiPS" and SLSA) (hat/tip -- thanks to Billy Lynch for the clever name!)
    • Parth -- runtime attestations ("is my application only reaching out to known destinations")
    • Justin -- this sounds like policies that provide metrics around maturity

Action Items

  • Interested in Supply Chain Maturity Model / "CHiPS"? Please contact David Bendory on Slack to get involved.
    • From Zoom: Brett, Justin, Ankit, and Parth stated their interest to take part in the effort on Zoom chat

Meeting Recording

August 11, 2022

Participants

  • Fatih Degirmenci, CDF
  • Tracy Ragan, DeployHub, Ortelius and OpenSSF Board Member, CDF TOC
  • Justin Abrahms, eBay, CDF TOC/Board/SIG-Interoperability
  • Terry Cox, Bootstrap
  • Kara de la Marck, CDF
  • David Bendory, Google
  • Chuang Wang, Google
  • Yongxuan Zhang, Google
  • Prakash Jagatheesan, Google
  • Ronan, Google
  • Tim Miller, Kusari
  • Alex Misdorp
  • Michael Lieberman, Kusari
  • Parth Patel, Kusari
  • Andrea Frittoli, IBM, CDF TOC/Board/SIG-Events
  • Brett Smith, SAS
  • Charles Tudor, SAS
  • Eric Wimmer, SAS
  • Su Johnson, SAS
  • Scott Todd, SAS
  • Jill Madritch, SAS
  • Ankit D Mohapatra, berkshire grey
  • Rajat Gupta, Jenkins X
  • Osama Magdy, Jenkins X
  • Terry Cox
  • David Espejo
  • Georg Kunz
  • Juliane

Agenda and Notes

Action Items

  • AI: David Bendory to figure out if he can share the data points (e.g. proto or yaml) for the sbom/provenance they capture.
    • Response: https://slsa.dev/provenance exactly matches Google internal format in some places, while in others it is similar information but the schema is different.

Meeting Recording

July 28, 2022

Cancelled due to vacation period.

June 14, 2022

Cancelled due to vacation period.

June 23, 2022

Participants

  • Fatih Degirmenci, CDF
  • Brett Smith, SAS
  • Ankit, BG, Jenkins X
  • Terry Cox, Bootstrap
  • Andrew Larsen, SAS
  • Sudhindra Rao, JFrog
  • Stephen Chin, JFrog

Agenda and Notes

Action Items

  • None

Meeting Recording

June 9, 2022

Cancelled due to cdCon 2022.

May 26, 2022

Participants

  • Stephen Levine, VMWare
  • Ciro da Silva Costa, VMWare
  • Terry Cox
  • David Espejo, VMWare
  • Joshua Winters
  • Kara de la Marck
  • Rasheed Abdul-Aziz
  • Sam Coward
  • Scott Rosenberg
  • Waciuma
  • Fatih Degirmenci
  • Ankit Mohapatra, Dexai Robotics, Jenkins X

Agenda and Notes

Action Items

  • None

Meeting Recording

May 12, 2022

Participants

  • Georg Kunz, Ericsson
  • Erhan Vikyol, Storebrand
  • Daniel Krivelevich, Cider Security
  • Omer Gil, Cider Security
  • Terry Cox
  • Ann Marie Fred, Red Hat
  • Asaf Greenholts
  • David Espejo
  • Kara de la Marck, CDF
  • Moïse
  • Fatih Degirmenci, Ericsson Software Technology
  • Ankit Mohapatra, Dexai Robotics, Jenkins X

Agenda and Notes

Action Items

  • None

Meeting Recording

April 28, 2022

Participants

  • Fatih Degirmenci, Ericsson Software Technology
  • Kara de la Marck, CDF
  • Thomas Schuetz, Dynatrace
  • Josh Gavant, Red Hat (@joshgav)
  • Terry Cox
  • David Espejo, VMware
  • Maxime Gréau, Elastic
  • Emil Bäckmark, Ericsson
  • Georg Kunz, Ericsson

Agenda and Notes

Action Items

  • None

Meeting Recording

April 14, 2022

Participants

  • Jason Hall (Red Hat)
  • Maxime Gréau (Elastic)
  • Ankit (Dexai Robotics)
  • Kara de la Marck (CDF)
  • Fatih Degirmenci (Ericsson Software Technology)
  • Terry Cox
  • Priya Wadhwa (Chainguard)
  • Liora Milbaum (Red Hat)

Agenda and Notes

Action Items

  • None

Meeting Recording

March 24, 2022

Participants

  • David Espejo [VMware]
  • Georg Kunz, Ericsson
  • Mike Lieberman [Citi, CNCF Supply Chain Security WG]
  • Billy Lynch [Google, Tekton]
  • Ankit Mohapatra [Dexai Robotics, Jenkins X]
  • Kara de la Marck, CDF
  • Erhan Vikyol, Storebrand
  • Liora Milbaum, Red Hat
  • Fatih Degirmenci, Ericsson Software Technology
  • Terry Cox
  • Andrea Frittoli, IBM
  • Ann Marie Fred, Red Hat
  • Enric Forn
  • Maor Kuriel
  • Moïse Kameni
  • Parth Patel
  • Praneetha Manthravadi
  • Timothy Miller

Agenda and Notes

Action Items

  • None

Meeting Recording

March 10, 2022

Participants

  • Fatih Degirmenci, Ericsson Software Technology
  • Maxime Gréau, Elastic
  • Ann Marie Fred, Red Hat
  • Erhan Vikyol, Storebrand
  • Tracy Miranda, Chainguard
  • Kara de la Marck, CDF
  • Ankit D Mohapatra, Dexai Robotics
  • Melissa McKay, JFrog
  • Andrea Frittoli, IBM
  • Georg Kunz, Ericsson
  • Terry Cox
  • Liora Milbaum, Red Hat

Agenda and Notes

Action Items

  • None

Meeting Recording