OSPS-DO-06.01: Dependency management policy was NOT specified in Security Insights data

## Objectives

Create an initial dependency policy to establish baseline requirements for evaluating dependencies and link it in the `.github/security-insights.yml`

## Resources


## Completion Criteria

- [ ] Add dependency management policy at the root of the repo at `DEPENDENCY_POLICY.md`
- [ ] Include license evaluation per CNCF [third party license requirements](https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md#approved-licenses-for-allowlist)
- [ ] Add [link](https://github.com/ossf/security-insights-spec/blob/41ffc3e13f8e39557ec56f76680fceecf0c62ce7/template-full.yml#L75C6-L75C33) in `.github/security-insights.yml` at `repository.documentation.dependency-management-policy`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

OSPS-DO-06.01: Dependency management policy was NOT specified in Security Insights data #1843

Objectives

Resources

Completion Criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OSPS-DO-06.01: Dependency management policy was NOT specified in Security Insights data #1843

Description

Objectives

Resources

Completion Criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions