
Commit

Update security_baseline.md
Updated "SHOULD" to "MUST" for Scorecard onboarding for becoming incubating

Signed-off-by: Dana Wang <[email protected]>
Danajoyluck authored Jul 17, 2024
1 parent 5145d96 commit 989e50a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion process/security_baseline.md
Expand Up @@ -89,7 +89,7 @@ When the project starts, it's critical to have a security foundation to reduce a

### Baseline - To Become Incubating

As the project codebase grows and more features are added, increasing complexity, it becomes crucial to leverage security tools to identify vulnerabilities in the codebase or dependent software early on. Addressing critical issues early prevents costly fixes in the future. At this stage, projects SHOULD onboard to OpenSSF Scorecard by following the [installation instructions](https://github.com/ossf/scorecard-action#installation) of [Scorecard GitHub Action](https://github.com/ossf/scorecard-action). The Action runs on any repository change and raises alerts. ​​Repository administrators, organization owners, and people with write or maintain access to a repository can view the alerts in the repository’s Security tab. Ensure Scorecard is enabled for the project by following [Scorecard Verify Runs](https://github.com/ossf/scorecard-action?tab=readme-ov-file#verify-runs) instruction.
As the project codebase grows and more features are added, increasing complexity, it becomes crucial to leverage security tools to identify vulnerabilities in the codebase or dependent software early on. Addressing critical issues early prevents costly fixes in the future. At this stage, projects MUST onboard to OpenSSF Scorecard by following the [installation instructions](https://github.com/ossf/scorecard-action#installation) of [Scorecard GitHub Action](https://github.com/ossf/scorecard-action). The Action runs on any repository change and raises alerts. ​​Repository administrators, organization owners, and people with write or maintain access to a repository can view the alerts in the repository’s Security tab. Ensure Scorecard is enabled for the project by following [Scorecard Verify Runs](https://github.com/ossf/scorecard-action?tab=readme-ov-file#verify-runs) instruction.

| Security Baseline | Objective | How to Implement | How to Verify|
|-------|-------|-------|-------|
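Review bot: the strengthened sentence still carries two pre-existing defects that this edit is a good opportunity to fix, since the line is being rewritten anyway. First, there are invisible zero-width characters immediately before "Repository administrators, organization owners, ..." in both the old and new line; they render as nothing but survive copy-paste and can break text search and linters, so they should be deleted. Second, the closing sentence should read "by following the [Scorecard Verify Runs](...) instructions" rather than "instruction". Separately, because the requirement is now a MUST, it is worth confirming that the "How to Verify" column of the table that follows states an objective check for Scorecard being enabled (the verify-runs step already linked in the paragraph), so that the mandatory requirement has a matching, auditable verification entry rather than only a recommendation in prose.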
