tag-security
[Baseline WG] Develop Baseline Security Probes in OpenSSF Scorecard
As part of our collaboration with OpenSSF, TAG Security members have been aiding in the design of the Open Source Project Security Baseline.
As the Baseline definitions are nearing completion, the next step will be to create Scorecard probes that will allow for automated integration into the OpenSSF Best Practices Badge and LFX Insights.
Currently, all three of the aforementioned tools are widely adopted in CNCF, and we anticipate that the TAG will be able to support the security of CNCF Projects by aiding in the development of the automated checks. Additionally, we may have the opportunity to use the 2024 Security Slam to encourage rapid adoption of the OSPS Baseline.
To accomplish the Level 1 milestone, we need to write approximately 15 probes.
Volunteers Needed
We need your help if you are a programmer willing to work in golang (it's not too difficult to pick up if you are well versed in another language).
Please comment on this issue or in #tag-security-baseline-wg on Slack if you are available to help with this effort!