stacklok / minder-rules-and-profiles

A repository containing Minder rules and profiles recommended by your friends at Stacklok
Apache License 2.0

Initial OpenSSF baseline profile #131

Closed puerco closed 1 month ago

puerco commented 1 month ago

This commit introduces the first draft of the security baseline profile. It introduces three simple ruletypes: check for a security policy file, check for a security insights file, and check for a dependency policy in the SI file.
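
The three checks described in the PR, as an added worked example that is not code from this PR, from Minder, or from Stacklok; it is a stand-alone Python model of the same logic, not Minder's own evaluation engine. It assumes (labelled as assumptions) the file names SECURITY.md and SECURITY-INSIGHTS.yml, that the dependency policy is the `dependencies.env-dependencies-policy.policy-url` key of the Security Insights schema, and it runs over constructed in-memory repository trees with a deliberately small YAML-subset parser so it needs no third-party packages:

```python
"""Model of the three baseline checks: security policy file, security
insights file, and a dependency policy inside the security insights file.

Added example; not code from the PR or from Minder. Assumptions:
  - the policy file is SECURITY.md (root, .github/, or docs/)
  - the insights file is SECURITY-INSIGHTS.yml at the repository root
  - the dependency policy is the key path
    dependencies.env-dependencies-policy.policy-url in that file
"""
from __future__ import annotations

SECURITY_POLICY_FILES = ("SECURITY.md", ".github/SECURITY.md", "docs/SECURITY.md")
SECURITY_INSIGHTS_FILE = "SECURITY-INSIGHTS.yml"
DEPENDENCY_POLICY_PATH = ("dependencies", "env-dependencies-policy", "policy-url")


def parse_simple_yaml(text: str) -> dict:
    """Parse the indented `key: value` subset of YAML needed for these keys.

    Nested mappings only: no lists, anchors, or multi-line scalars. This is
    intentionally not a general YAML parser; a real rule would use a full one.
    """
    root: dict = {}
    stack: list[tuple[int, dict]] = [(-1, root)]  # (indent, mapping) pairs
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or full-line comment
        indent = len(line) - len(line.lstrip(" "))
        key, sep, value = line.strip().partition(":")  # split at the first colon only
        if not sep:
            raise ValueError(f"unsupported line: {raw!r}")
        while stack[-1][0] >= indent:  # climb back out to the enclosing mapping
            stack.pop()
        parent = stack[-1][1]
        value = value.strip().strip("'\"")
        if value == "":
            child: dict = {}  # a key with no value opens a nested mapping
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def lookup(mapping: dict, path: tuple[str, ...]):
    """Return the value at a nested key path, or None if any step is missing."""
    node = mapping
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def check_security_policy(tree: dict[str, str]) -> bool:
    return any(path in tree for path in SECURITY_POLICY_FILES)


def check_security_insights(tree: dict[str, str]) -> bool:
    return SECURITY_INSIGHTS_FILE in tree


def check_dependency_policy(tree: dict[str, str]) -> bool:
    """Fail if the SI file is missing, unparsable, or the policy URL is absent/empty."""
    content = tree.get(SECURITY_INSIGHTS_FILE)
    if content is None:
        return False
    try:
        doc = parse_simple_yaml(content)
    except ValueError:
        return False
    url = lookup(doc, DEPENDENCY_POLICY_PATH)
    # An empty `policy-url:` parses as an empty mapping, so it is rejected here.
    return isinstance(url, str) and url != ""


def evaluate(tree: dict[str, str]) -> dict[str, bool]:
    """Run all three checks over a {path: content} repository tree."""
    return {
        "security_policy": check_security_policy(tree),
        "security_insights": check_security_insights(tree),
        "dependency_policy": check_dependency_policy(tree),
    }


# Constructed sample repositories (not real projects).
COMPLIANT_REPO = {
    "SECURITY.md": "# Security Policy\nReport issues to security@example.com\n",
    "SECURITY-INSIGHTS.yml": (
        "header:\n"
        "  schema-version: 1.0.0\n"
        "dependencies:\n"
        "  env-dependencies-policy:\n"
        "    policy-url: https://example.com/dependency-policy\n"
    ),
}
PARTIAL_REPO = {  # has the SI file, but the policy URL is left empty
    "SECURITY.md": "# Security Policy\n",
    "SECURITY-INSIGHTS.yml": (
        "header:\n"
        "  schema-version: 1.0.0\n"
        "dependencies:\n"
        "  # policy section present but no URL set\n"
        "  env-dependencies-policy:\n"
        "    policy-url:\n"
    ),
}
EMPTY_REPO = {"README.md": "# Just a readme\n"}

if __name__ == "__main__":
    for name, tree in (("compliant", COMPLIANT_REPO), ("partial", PARTIAL_REPO), ("empty", EMPTY_REPO)):
        print(name, evaluate(tree))
```

The third check is where the failure mode lives: a repository can ship a SECURITY-INSIGHTS.yml and still fail because the policy key is absent or empty, so the rule has to read and parse the file rather than only test that it exists.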

jhrozek commented 1 month ago

thanks for the work @puerco ! I left some comments inline; it's mostly that we developed some conventions over the months and they are not really visible to someone who hasn't been following the development. But overall this looks great!

puerco commented 1 month ago

Comments are addressed here. I'm closing this PR and reopening it in #136, which is not from my fork.