Skip to content

SECURITY-213: Generate an SBOM and package provenance notes for release candidates #842

Description

@kike-alt

ID: SECURITY-213
Track: SECURITY
Difficulty: intermediate
Priority: P2
Points: 200

Description

Release readiness improves when maintainers can point to a clear package inventory and provenance record.

Acceptance Criteria

  • Generate an SBOM or equivalent package inventory for maintained surfaces.
  • Document how maintainers should refresh the inventory for future release candidates.
  • Add or update tests, fixtures, and docs for the changed surface as needed.

Tech Stack / Files

  • frontend/package-lock.json
  • backend/package-lock.json
  • soroban/Cargo.lock
  • docs

Blocked By

None

Validation Requirements

targeted hardening checks or tests are added and maintained CI surfaces remain green

Metadata

Metadata

Assignees

No one assigned

    Labels

    EnhancementNew feature or requestHelp wantedExtra attention is neededStellar WaveIssues in the Stellar wave programcross-trackCross-track coordination requireddifficulty:intermediateIntermediate complexity issuepriority:P2Normal prioritysize:MMedium scopetrack:SECURITYSecurity and integrity hardening

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions