Add SECURITY_INSIGHTS.yml starter file to ossf/project-template #20
Labels
enhancement
New feature or request
Comments
|
I think having template files would be great. It helps with the dogfooding of the security baseline within OpenSSF and provides an easy place for people to see an "ideal" SECURITY_INSIGHTS.yml. When I heard about needing a SECURITY_INSIGHTS.yml file for the security baseline, my first question was "is there one I can tailor for my project?". |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The security baseline has requirement "An initial set of metadata is established for gaining security insights into the project.." for a project to become incubating. To ease the burden from adopting the baseline, I'm proposing adding a SECURITY_INSIGHTS.yml starter file to project-template. When a new repo is created using the project template, the repo will have a default dependency policy file to use right away, or customize it when needed.
The stater file will use the sample file from Security Insights project.
For existing repos, I'm proposing adding SECURITY_INSIGHTS.yml starter file as a default community health file to organizations' .github.
The text was updated successfully, but these errors were encountered: