wg-metrics-and-metadata

Metadata needed by Ortelius

Open sbtaylor15 opened this issue 1 year ago • 1 comments

| Attribute | Implemented? |
| --- | --- |
| Security Insights Verified | |
| Open Source Project (Y/N) | |
| Open Source Foundation (CNCF, Apache, CDF) | |
| License File | |
| Readme File | |
| OWNERS File | |
| MAINTAINERS File | |
| SECURITY File | |
| Governance Doc | |
| Contributor Doc | |
| Code of Conduct | |
| CLA Required | |
| CLA URL | |
| OpenAPI/Swagger | |
| Repository Access Definitions as Code | |
| Project Contact | |
| Project Website | |
| Project Issue Tracking | |
| Project Documentation | |
| Security Contact | |
| Harassment Reporting Contact | |
| Git Repo 2FA | |
| SCM Repo Type | |
| SCM Repo Url | |
| CodeQL | |
| Dependency Tool (Dependabot, Renovate) | |
| Build SBOM Generation | |
| Post Build SBOM Generation | |
| SBOM File | |
| SBOM Signing | |
| SBOM Signing Method | |
| SBOM Signing Public Key | |
| SBOM Signing Valid | |
| Artifact Publishing Location (PURL) | |
| Artifact Mirrors | |
| Artifact Signing | |
| Artifact Signing Method | |
| Artifact Signing Public Key | |
| Artifact Signing Valid | |
| Provenance | |
| Attestation | |
| SonarQube | |
| VeraCode | |
| Linting (Mega/Super Linters) | |
| SAST | |
| DAST | |
| OpenSSF Scorecard | |

sbtaylor15, Apr 23 '24 15:04

| Attribute | Implemented? |
| --- | --- |
| Security Insights Verified | |
| Open Source Project (Y/N) | N |
| Open Source Foundation (CNCF, Apache, CDF) | N |
| License File | Y |
| Readme File | N |
| OWNERS File | No. But you can use core-team. |
| MAINTAINERS File | No. But you can use core-team. |
| SECURITY File | Y |
| Governance Doc | N |
| Contributor Doc | Y |
| Code of Conduct | Y |
| CLA Required | N |
| CLA URL | N |
| OpenAPI/Swagger | You can use documentation. |
| Repository Access Definitions as Code | N (?) |
| Project Contact | Y |
| Project Website | You can use project-url. |
| Project Issue Tracking | N (good idea). |
| Project Documentation | Y |
| Security Contact | Y |
| Harassment Reporting Contact | N |
| Git Repo 2FA | N |
| SCM Repo Type | N |
| SCM Repo Url | N |
| CodeQL | You can use security-testing. |
| Dependency Tool (Dependabot, Renovate) | You can use security-testing. |
| Build SBOM Generation | |
| Post Build SBOM Generation | |
| SBOM File | Y |
| SBOM Signing | |
| SBOM Signing Method | |
| SBOM Signing Public Key | |
| SBOM Signing Valid | |
| Artifact Publishing Location (PURL) | Y |
| Artifact Mirrors | You can use distribution-points. |
| Artifact Signing | |
| Artifact Signing Method | |
| Artifact Signing Public Key | |
| Artifact Signing Valid | |
| Provenance | |
| Attestation | |
| SonarQube | You can use security-testing. |
| VeraCode | You can use security-testing. |
| Linting (Mega/Super Linters) | You can use security-testing. |
| SAST | You can use security-testing. |
| DAST | You can use security-testing. |
| OpenSSF Scorecard | You can use security-testing. |

luigigubello, Apr 23 '24 19:04