Pipeline v2 Compliance

This document has been consolidated. See the canonical location:

Pipeline v2 Compliance Guide

The canonical document covers:

  • Security scanning (CodeQL, Grype, Snyk)
  • License compliance (FOSSA)
  • Supply chain security (SLSA Level 3, Cosign, SBOM)
  • Code quality (golangci-lint, testing standards)
  • Repository hygiene (OSSF Scorecard, Dependabot)
  • CI/CD standards (GitHub Actions, just commands)
  • Vulnerability management (severity thresholds, reporting)