Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SECURITY-INSIGHTS.yml implementation #249

Open
luigigubello opened this issue Nov 23, 2022 · 0 comments
Open

SECURITY-INSIGHTS.yml implementation #249

luigigubello opened this issue Nov 23, 2022 · 0 comments

Comments

@luigigubello
Copy link

Hi 👋 as a project in the working group "Identifying Security Threats", we are working on the SECURITY-INSIGHTS.yml specification. SECURITY INSIGHTS would like to provide information regarding security posture and practices in place in an open-source project in both human-readable and machine-readable format (YAML). The original idea was to create something like security.txt, but containing more information and evidence. In the last months, we collected feedback from OpenSSF Slack channels and the community (Twitter), and now we have a first version that should be enough mature to be used. We would like to introduce this specification in some of the OpenSSF repositories (list at the bottom) to see how the community welcomes this news and how we can improve the specification. So, could we introduce SECURITY-INSIGHTS.yml in this repo? I can proceed to fill out the YAML (here is a sample) and prepare a PR by asking you for a review. Introducing this specification in the repo of OpenSSF might help to spread it into the community.

Repos where would be nice to introduce SECURITY-INSIGHTS.yml :

Let me know :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant