Security & Supply Chain
Disclosure policy
Security vulnerabilities should be reported privately. See SECURITY.md for the full disclosure process, severity classification, and response SLAs.
Summary: critical severity (CVSS ≥ 7.0) issues receive a patch within 48 hours of confirmation. Do not open public GitHub issues for unpatched vulnerabilities.
Provenance attestation
Every tagged release (v*) generates a
SLSA Level 2 provenance attestation via the
slsa-github-generator reusable workflow. The attestation covers:
- The
meridian-coreandmeridian-kernelsstatic libraries. - The
meridianPython wheel.
The attestation is uploaded as a GitHub release asset alongside the release artefacts. To verify:
# Install the SLSA verifier
go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@latest
# Download the artefact and its provenance from the GitHub release.
# Then verify:
slsa-verifier verify-artifact meridian-*.whl \
--provenance-path meridian.intoto.jsonl \
--source-uri github.com/angelnicolasc/meridian \
--source-tag v0.1.0
What is attested: the build provenance — that the artefact was built from the tagged source in the GitHub Actions environment. SLSA L2 does not attest to the security of the code itself.
Software Bill of Materials (SBOM)
Each release includes a CycloneDX SBOM covering:
- The Rust workspace (all transitive crate dependencies).
- The Python wheel (Python package dependencies from
pyproject.toml).
The SBOM is attached as a .cdx.json asset on the GitHub release. Operators
can use it with vulnerability scanning tools (Grype, Trivy, FOSSA).
Supply-chain controls
| Control | Mechanism |
|---|---|
| Dependency pinning | Cargo.lock and uv.lock committed and verified in CI |
| Dependency auditing | cargo deny check in the supply-chain CI job (licence + advisory check) |
| GitHub Actions pinning | Actions pinned to major version tags in all workflows |
| Self-hosted runner isolation | GPU runner gated to github.repository_owner == 'angelnicolasc' |
| DCO sign-off | All commits require Signed-off-by matching the commit author |
| Release provenance | SLSA L2 via slsa-github-generator |
Dependency policy
New dependencies require:
- A licence compatible with Apache-2.0 (verified by
cargo deny). - No known CVEs at the time of merge (verified by
cargo denyadvisories check). - An entry in the SBOM at the next release.
CI workflow permissions
All CI workflows run with minimal permissions:
| Workflow | Permissions |
|---|---|
ci.yml | contents: read |
release.yml | contents: write, pull-requests: write, id-token: write, attestations: write |
sbom.yml | contents: write |
docs.yml | contents: read, pages: write, id-token: write |
cuda.yml | contents: read |
release.yml permission notes:
id-token: write— required byslsa-github-generatorto mint the OIDC-backed provenance token; scoped to thebuild-artifactsandprovenancejobs.pull-requests: write— required byrelease-plzto open the automated release PR.attestations: write— required byslsa-github-generatorto upload the attestation bundle as a release asset.