Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please adopt OpenSSF Security Insights for this project #478

Open
caabernathy opened this issue Oct 4, 2023 · 0 comments
Open

Please adopt OpenSSF Security Insights for this project #478

caabernathy opened this issue Oct 4, 2023 · 0 comments

Comments

@caabernathy
Copy link

Hello from the OpenSSF Security Insights team!

Security Insights is a specification for expressing security-relevant metadata about a project in a machine-readable format. It allows you to express things like where a project is in its lifecycle, what kind of security tools are used, and whether you want to accept automated pull requests. It complements Scorecard metrics by focusing on things that often can’t be found by analyzing repository contents.

As part of our launch, we’d like to see OpenSSF adopt the Security Insights specification across our code projects. This is as simple as adding a SECURITY-INSIGHTS.yml file to your repository root. The entire process should take less than 10 minutes. The full specification is located https://github.com/ossf/security-insights-spec/blob/v1.0.0/specification.md.

If you have questions about the Security Insights specification or this request, feel free to reach out to us on slack (#security_insights_spec) or open an issue in our repository (ossf/security-insights-spec).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant