aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0
715 stars 62 forks

missing community standard checks #36

Closed rgreinho closed 2 years ago

rgreinho commented 2 years ago

GitHub provides a list of community standard checks that help improve the quality of a repository.

For instance for the frsca project:

[image: community standards checklist for the frsca project]

As a user, I would like chain-bench to report these missing community standards so that I can improve the overall quality of my repositories.

morwn commented 2 years ago

Chain-bench intends to automate the Software Supply Chain CIS benchmark, but those checks are not part of it. If you believe they can improve the security posture, feel free to contribute to the actual benchmark here (which is under final review) by opening a ticket.