Skip to content

Add SECURITY_INSIGHTS.yml starter file to ossf/project-template #20

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Danajoyluck opened this issue Jul 30, 2024 · 1 comment · May be fixed by ossf/project-template#6
Open

Add SECURITY_INSIGHTS.yml starter file to ossf/project-template #20

Danajoyluck opened this issue Jul 30, 2024 · 1 comment · May be fixed by ossf/project-template#6
Labels
enhancement New feature or request

Comments

@Danajoyluck
Copy link
Contributor

Danajoyluck commented Jul 30, 2024
edited
Loading

The security baseline has requirement "An initial set of metadata is established for gaining security insights into the project.." for a project to become incubating. To ease the burden from adopting the baseline, I'm proposing adding a SECURITY_INSIGHTS.yml starter file to project-template. When a new repo is created using the project template, the repo will have a default dependency policy file to use right away, or customize it when needed.

The stater file will use the sample file from Security Insights project.

For existing repos, I'm proposing adding SECURITY_INSIGHTS.yml starter file as a default community health file to organizations' .github.
@Danajoyluck Danajoyluck added the enhancement New feature or request label Jul 30, 2024
@idunbarh
Copy link

idunbarh commented Aug 1, 2024

I think having template files would be great. It helps with the dogfooding of the security baseline within OpenSSF and provides an easy place for people to see an "ideal" SECURITY_INSIGHTS.yml.

When I heard about needing a SECURITY_INSIGHTS.yml file for the security baseline, my first question was "is there one I can tailor for my project?".

trumant added a commit to trumant/project-template that referenced this issue Apr 3, 2025
@trumant
Adding security-insights.yml starter template
c3c12fd 
This template gives new OSSF projects a headstart in defining
a valid and valuable https://openssf.org/projects/security-insights-spec/

This closes ossf/security-baseline#20

Signed-off-by: Travis Truman <[email protected]>
trumant added a commit to trumant/project-template that referenced this issue Apr 3, 2025
@trumant
Adding security-insights.yml starter template
99005b0 
This template gives new OSSF projects a headstart in defining
a valid and valuable https://openssf.org/projects/security-insights-spec/

This closes ossf/security-baseline#20

Signed-off-by: Travis Truman <[email protected]>
@trumant trumant linked a pull request Apr 3, 2025 that will close this issue
Open
@TheFoxAtWork TheFoxAtWork mentioned this issue Apr 3, 2025
Open
3 tasks
trumant added a commit to trumant/project-template that referenced this issue Apr 3, 2025
@trumant
Adding security-insights.yml starter template
e009b59 
This template gives new OSSF projects a headstart in defining
a valid and valuable https://openssf.org/projects/security-insights-spec/

This closes ossf/security-baseline#20

Signed-off-by: Travis Truman <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adding security-insights.yml starter template trumant/project-template
2 participants
@Danajoyluck @idunbarh