Closed balteravishay closed 3 months ago
Thanks for adding this, very helpful. As discussed on the EMEA security committee call, it would be great if we can add some guidance to check for the dependency tree of a new open source dependency during a code review.
thanks @superhindupur, great feedback! added a section on "When to evaluate OSS", wdyt?
Pull Request Template
What are you trying to address
This PR addresses issue #1039 by proposing a set of checks and tools that can be applied when evaluating an OSS package.
Checklist
[READY TO PR? Use the check-list below to ensure your branch is ready for PR.]