⚡ Fun fact: I love books, videogames, animes and mangas.
About GOSST 👻
GOSST was created in response to the
increasing supply-chain attacks on projects that consume open-source code.
It works along with the Linux Foundation's
Open Source Security Foundation (OpenSSF) to improve the security of the
open-source ecosystem. GOSST and the OpenSSF develop solutions to make open-source
software safer at scale. See here for info on Google's
open-source initiatives.
I'm part of a GOSST sub-team responsible for working hand-in-hand with the open-source
community. We focus on helping individual critical projects
increase their security. Our goals are to:
develop specific approaches for each project;
suggest solutions or enhancements that fit the project's needs and don't overburden maintainers;
talk with maintainers about our suggestions or about any other solutions they might prefer;
implement the changes and submit them as PRs;
collect all feedback to be shared with the rest of GOSST and the OpenSSF.
Security Solutions
See below some of the tools developed by GOSST and the OpenSSF:
Scorecard: automated checks to evaluate a project's security practices and suggest improvements as needed;
SLSA (pronounced "salsa"): a standard and protocol to ensure an artifact's provenance, guaranteeing it comes from the expected location and process. This aims to prevent tampering and improve the integrity of infrastructure and consumed packages;
Sigstore: keyless signing and verification of artifacts;