Commit f048150

Update recommendations-chains.md
1 parent 8e77369 commit f048150

File tree

1 file changed

+6
-0
lines changed

recommendations-chains.md

Lines changed: 6 additions & 0 deletions
@@ -26,3 +26,9 @@ These items are harder to achieve than the recommendations above, because of lac
2626
- CHAINS encourages using functional package managers in CI (Guix, NIX)
2727
- CHAINS encourages automated publication of SBOMs as part of the release process ([tutorial for Github release](https://chains.proj.kth.se/sbom-github.html))
2828
- CHAINS encourages source-based package registries, such as Go. This increases transparency and auditability, and reduces the attack surface of malicious tampering.
29+
30+
## CHAINS says DONT
31+
32+
- DOn't use caching in your builds, strictly forbidden in your release builds ([caching attack](https://adnanthekhan.com/2024/05/06/the-monsters-in-your-build-cache-github-actions-cache-poisoning/))
33+
34+
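Review bot: the new bullet under "CHAINS says DONT" states two different scopes in one sentence ("DOn't use caching in your builds" and "strictly forbidden in your release builds"), so a reader cannot tell whether caching is discouraged everywhere or only prohibited for release builds; split it so the scope is explicit, e.g. "Don't use caching in release builds (see the cache-poisoning attack linked below); avoid it in other CI builds where you can." Also fix the spelling and capitalisation in the heading and bullet ("DONT" to "DON'T", "DOn't" to "Don't"), and drop the two blank lines added before the heading (lines 29-30) and the two trailing blank lines (33-34), which leave the file with stray whitespace at the end.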