Supply Chain Security
sgammon opened this issue · comments
Sam Gammon commented
The Java ecosystem would be appreciative if, given Guava's place as the number 4 artifact worldwide, efforts could be made to ship releases with SBOMs, SLSA provenance, and Sigstore support. This will prepare many many downstream projects and libraries for stronger dependency security.