aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0

Add a Markdown version of the 'CIS Software Supply Chain Security Guide' #52

Closed ZackKanter closed 2 years ago

ZackKanter commented 2 years ago

From the PDF:

The hope with the publication of this Guide is to elicit feedback from the global community that will help ensure the future platform-specific guidance (CIS Benchmarks) is even more accurate and relevant.

To facilitate feedback (comments, issues, PRs, etc.), it would be great if the recommendations were available in a format like Markdown.

ZackKanter commented 2 years ago

D'oh. I see now that these are available in the metadata.json files, e.g.: https://github.com/aquasecurity/chain-bench/blob/main/internal/checks/build-pipelines/pipeline-integrity/rules.metadata.json