SOSS Fusion 2024

The OpenSSL Security Baseline proposes a framework for a common security posture across open source projects. The baseline requirements are designed to match the OpenSSF's project lifecycle: each level has been designed to provide increasing levels of protection with as little effort as possible. They range from secure repository configuration to the production of security metadata such as SBOMs and SLSA attestations. These requirements may sound daunting but the path forward is bright! The OpenSSF community has been working hard to create tools, specifications, and libraries to help harden the global software supply chain. While we have built amazing tooling to automate compliance, orchestration can still be challenging. Understanding at scale which resources are falling short of the baseline expectations needs coordination and remediation. Luckily this is where Minder comes in! Minder is an open source platform that monitors your repositories, builds, and artifacts to ensure they match a declared security posture. In contrast to other tools, it reconciles the state of your resources to match your desired state. Join Puerco for a live demo of meeting baseline compliance!