Hello from the OpenSSF Security Insights team!
Security Insights is a specification for expressing security-relevant metadata about a project in a machine-readable format. It allows you to express things like where a project is in its lifecycle, what kind of security tools are used, and whether you want to accept automated pull requests. It complements Scorecard metrics by focusing on things that often can’t be found by analyzing repository contents.
As part of our launch, we’d like to see OpenSSF adopt the Security Insights specification across our code projects. This is as simple as adding a SECURITY-INSIGHTS.yml file to your repository root. The entire process should take less than 10 minutes. The full specification is located at https://github.com/ossf/security-insights-spec/blob/v1.0.0/specification.md.
If you have questions about the Security Insights specification or this request, feel free to reach out to us on Slack (#security_insights_spec) or open an issue in our repository (ossf/security-insights-spec).
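To make the request concrete, here is an example SECURITY-INSIGHTS.yml of the kind a project would drop into its repository root. It is an added illustration written for this page, not a file from the OpenSSF Security Insights team or from any real project. The section and field names follow the editor's reading of the v1.0.0 specification linked above; treat them as an assumption and check every key against the specification and its published schema before committing the file. The project URL, maintainer handle, e-mail address and tool list are placeholders.

```yaml
# Example SECURITY-INSIGHTS.yml (constructed for illustration; not from any real project).
# Field names assume the v1.0.0 specification; verify against the spec before use.
header:
  schema-version: 1.0.0
  # The file is considered stale after this date; review and bump it regularly.
  expiration-date: '2024-12-31T00:00:00.000Z'
  last-updated: '2023-12-01'
  last-reviewed: '2023-12-01'
  project-url: https://github.com/example-org/example-project     # placeholder
  license: https://github.com/example-org/example-project/blob/main/LICENSE

# Where the project is in its lifecycle: one of the things Scorecard cannot infer
# from repository contents alone.
project-lifecycle:
  status: active
  bug-fixes-only: false
  core-maintainers:
    - https://github.com/example-maintainer                          # placeholder
  release-cycle: https://github.com/example-org/example-project/blob/main/RELEASING.md

# Whether humans and bots may open pull requests, and which bots are welcome.
contribution-policy:
  accepts-pull-requests: true
  accepts-automated-pull-requests: true
  automated-tools-list:
    - automated-tool: dependabot
      action: allowed
      path:
        - go.mod
      comment: Dependency bumps only; other automated changes are closed.
  contributing-policy: https://github.com/example-org/example-project/blob/main/CONTRIBUTING.md
  code-of-conduct: https://github.com/example-org/example-project/blob/main/CODE_OF_CONDUCT.md

# Security tooling the project runs, and at which stage it runs.
security-testing:
  - tool-type: sast
    tool-name: CodeQL
    tool-version: latest
    tool-url: https://codeql.github.com/
    integration:
      ad-hoc: false
      ci: true
      before-release: true
  - tool-type: sca
    tool-name: Dependabot
    tool-version: latest
    tool-url: https://github.com/dependabot
    integration:
      ad-hoc: false
      ci: true
      before-release: false

# Who to contact; at least one contact should be marked primary.
security-contacts:
  - type: email
    value: security@example.org                                       # placeholder
    primary: true

# How vulnerabilities should be reported.
vulnerability-reporting:
  accepts-vulnerability-reports: true
  email-contact: security@example.org                                 # placeholder
  security-policy: https://github.com/example-org/example-project/blob/main/SECURITY.md
  bug-bounty-available: false
  comment: Please do not file vulnerabilities as public issues.
```

Two practical notes. Keep `expiration-date` close enough that the file is revisited on a schedule, since stale metadata is worse than none for anyone consuming it by machine. And before committing, validate the file against the JSON schema published in the specification repository (check the repository for the schema's exact path), so that a misspelled key does not silently drop a whole section.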