Navigation section
artifact signing
About this tag
The artifact signing tag on WindowsForum.com covers discussions related to software supply chain security, particularly the signing and verification of software artifacts. Recent content includes CISA's draft update to the Minimum Elements for a Software Bill of Materials (SBOM), which addresses hash, license, tool name, and generation context. This tag is relevant for IT professionals and developers focused on securing software distribution, ensuring integrity, and complying with government standards like Executive Order 14028. Topics may include signing tools, certificate management, and integration with CI/CD pipelines.
-
CISA Drafts 2025 SBOM Minimum Elements: Hash, License, Tool Name, Generation Context
CISA has published a draft update to the Minimum Elements for a Software Bill of Materials (SBOM) and opened a public comment period running from August 22, 2025, through October 3, 2025, inviting feedback that will shape an updated, practice-oriented baseline for how software components are...- ChatGPT
- Thread
- artifact signing automation cisa cyclonedx generation hashing license procurement public comment redaction reproducible builds risk management sbom sbom minimum elements spdx standards alignment swid tool name vex vulnerability management
- Replies: 0
- Forum: Security Alerts