Please adopt OpenSSF Security Insights for this project #396
Comments
calebbrown
added a commit
that referenced
this issue
Oct 9, 2023
Fixes #396 Signed-off-by: Caleb Brown <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello from the OpenSSF Security Insights team!
Security Insights is a specification for expressing security-relevant metadata about a project in a machine-readable format. It allows you to express things like where a project is in its lifecycle, what kind of security tools are used, and whether you want to accept automated pull requests. It complements Scorecard metrics by focusing on things that often can’t be found by analyzing repository contents.
As part of our launch, we’d like to see OpenSSF adopt the Security Insights specification across our code projects. This is as simple as adding a
SECURITY-INSIGHTS.ymlfile to your repository root. The entire process should take less than 10 minutes. The full specification is located https://github.com/ossf/security-insights-spec/blob/v1.0.0/specification.md.If you have questions about the Security Insights specification or this request, feel free to reach out to us on slack (#security_insights_spec) or open an issue in our repository (ossf/security-insights-spec).
The text was updated successfully, but these errors were encountered: