david-a-wheeler opened this issue 6 years ago (status: Open)
In the same area, we might also want to add a marking noting "Free for FLOSS projects".
My thanks to Guy from Snyk for suggesting these.
While we're at it, maybe we should also add another marking, "is FLOSS". Again, trying to provide info for users.
Also: Should we refer here to the related O'Reilly book "Securing Open Source Libraries"? First chapter is public: https://www.oreilly.com/ideas/what-defines-a-known-open-source-vulnerability
Let's add Snyk to the list of dependency monitoring tools: https://github.com/coreinfrastructure/best-practices-badge/blob/master/doc/other.md#dependency_monitoring
We want people to use these tools, so pointing out options (especially those free for OSS projects) makes sense.
It's not clear what hyperlink to use - I'm currently thinking of https://snyk.io/