edgexfoundry / cd-management

Owner: DevOps WG

Add openssf best practices badge to EdgeX repos [ossf silver] #231

Open bnevis-i opened 2 years ago

bnevis-i commented 2 years ago

The Open Source Security Foundation (OpenSSF) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice. The OpenSSF Best Practices Badge is inspired by the many badges available to projects on GitHub. Consumers of the badge can quickly assess which FLOSS projects are following best practices and as a result are more likely to produce higher-quality secure software.

See https://bestpractices.coreinfrastructure.org/en and https://github.com/coreinfrastructure/best-practices-badge

Our badge is: https://bestpractices.coreinfrastructure.org/projects/1226/badge

This badge should be implemented prior to public recognition of achieving the OpenSSF badge:

Silver criteria: "The project repository front page and/or website MUST identify and hyperlink to any achievements, including this best practices badge, within 48 hours of public recognition that the achievement has been attained. (URL required) [documentation_achievements] An achievement is any set of external criteria that the project has specifically worked to meet, including some badges. This information does not need to be on the project website front page. A project using GitHub can put achievements on the repository front page by adding them to the README file."

cc: @jpwhitemn

bnevis-i commented 2 years ago

@ernestojeda Please consider this ticket for the Minnesota release.