Have a healthy number of committers. A committer is defined as someone with the commit bit; i.e., someone who can accept contributions to some or all of the project.
Demonstrate a substantial ongoing flow of commits and merged contributions.
Since these metrics can vary significantly depending on the type, scope and size of a project, the TOC has final judgement over the level of activity that is adequate to meet these criteria
A clear versioning scheme.
Clearly documented security processes explaining how to report security issues to the project, and describing how the project provides updated releases or patches to resolve security vulnerabilities
Specifications must have at least one public reference implementation.
I think we are getting close to satisfy the requirements for the Incubating Stage:
https://github.com/cncf/toc/blob/main/process/graduation_criteria.md#incubating-stage
TODOs
[x] Complete OpenSSF Best Practices
[X] Submit Security Self-Assessment to https://github.com/cncf/tag-security/tree/main/assessments/projects
[X] Submit an incubation application to https://github.com/cncf/toc/issues
[ ] Wait for approval