ossf / fuzz-introspector

Fuzz Introspector -- introspect, extend and optimise fuzzers
https://fuzz-introspector.readthedocs.io
Apache License 2.0

SECURITY-INSIGHTS.yml implementation #624

Open luigigubello opened 1 year ago

luigigubello commented 1 year ago

Hi :wave: as a project in the working group "Identifying Security Threats", we are working on the SECURITY-INSIGHTS.yml specification. SECURITY INSIGHTS would like to provide information regarding the security posture and practices in place in an open-source project in both human-readable and machine-readable format (YAML). The original idea was to create something like security.txt, but containing more information and evidence. In the last few months, we collected feedback from OpenSSF Slack channels and the community (Twitter), and now we have a first version that should be mature enough to be used. We would like to introduce this specification in some of the OpenSSF repositories (list at the bottom) to see how the community welcomes this news and how we can improve the specification. So, could we introduce SECURITY-INSIGHTS.yml in this repo? I can proceed to fill out the YAML (here is a sample) and prepare a PR, asking you for a review. Introducing this specification in the repos of OpenSSF might help to spread it into the community.

Repos where it would be nice to introduce SECURITY-INSIGHTS.yml:

Let me know :)

DavidKorczynski commented 1 year ago

Sounds great, I'd be happy to help reviewing and moving this forward! Feel free to open a PR.

luigigubello commented 1 year ago

Cool! I'll work on it, thank you 🧡