We would like to propose a new SIG, SIG Software Supply Chain, and are seeking community feedback.
There are many parts of the software lifecycle that need attention and the focus of this SIG is the CI/CD in order to avoid overlaps with existing initiatives and contribute to them with the aim to improve the security posture of the projects, products, and production systems themselves from CI/CD perspective.
We appreciate any feedback you share and welcome community members to state their interest to take part in this initiative by commenting directly on the pull request.
