The CDK depends on many third-party open-source libraries. Because of that, it needs to manage what happens when a security issue is found in one of them, and how we defend against supply chain attacks.
Roles
Driver (drives the proposal to completion): @skinny85
Approver(s): (assigned by CDK team)
I reckon this issue should raise the question about AWS funding these 3rd party tools in a business partnership model. A tool like @feross @SocketDev could really shine here, but again, a funding and license model is key.
Marking this RFC as stale like the associated PR. We appreciate the effort that has gone into this proposal. Marking an RFC as stale is not a one-way door. If you have made substantial changes to the proposal, please open a new issue/RFC. You might also consider raising a PR to aws/aws-cdk directly or self-publishing to Construct Hub.