Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compliance Report / Audits / Dashboard Created And Populated By Tier 2 Projects #17

Closed
5 tasks done
bensternthal opened this issue May 3, 2023 · 9 comments
Closed
5 tasks done

Compliance Report / Audits / Dashboard Created And Populated By Tier 2 Projects #17

bensternthal opened this issue May 3, 2023 · 9 comments
Assignees
@ljharb
Labels
security-destf Issues and tasks related to the German Sovereign Tech Fund

Comments

@bensternthal
Copy link
Contributor

bensternthal commented May 3, 2023
edited by ljharb
Loading

Tasks
Preview Give feedback
  5. Milestone: document customized best practices recommended by OpenSSF #76
    guidance
    ljharb
@bensternthal bensternthal transferred this issue from another repository May 23, 2023
@bensternthal bensternthal added the security-destf Issues and tasks related to the German Sovereign Tech Fund label May 23, 2023
@ljharb
Copy link
Member

ljharb commented Jul 19, 2023

For the OpenSSF CII Best Practice badge, we'll want to track multiple pieces of info: passing %, silver %, gold %, and which badge is displayed on the readme/website (or none).

@bensternthal bensternthal changed the title Compliance Report / Audits / Dashboard Created And Populated By Tier 2 Projects Milestone: Compliance Report / Audits / Dashboard Created And Populated By Tier 2 Projects Aug 8, 2023
@bensternthal bensternthal moved this from Epics to Current Quarter Backlog in DESTF - Security Project Tracking Aug 10, 2023
@ljharb
Copy link
Member

ljharb commented Aug 22, 2023

Here's an initial dashboard: https://docs.google.com/spreadsheets/d/1wUsWSRu4x_Up4PjVNhEu_z8eOag8V7bcJGaJJl5RlC8/edit#gid=0

Please suggest additional metrics you think should be here, and more will likely surface from the effort on #21.

@ljharb ljharb moved this from Current Quarter Backlog to In Progress in DESTF - Security Project Tracking Aug 22, 2023
@bensternthal
Copy link
Contributor Author

@ljharb if you agree... let's get this on the agenda for the next collab space meeting. I'd also suggest adding this into slack so folks (time permitting) can noodle with it prior to Monday.

@ljharb
Copy link
Member

ljharb commented Aug 23, 2023
edited
Loading

Sounds great, will do → https://openjs-foundation.slack.com/archives/CTPN0DFF0/p1692813199794179

@mhdawson mhdawson mentioned this issue Aug 25, 2023
Closed
@achrinza achrinza mentioned this issue Aug 27, 2023
Open
@ctcpip
Copy link
Member

ctcpip commented Aug 29, 2023

LGTM, save for one a11y issue I pointed out via a comment on the doc

@UlisesGascon
Copy link
Member

LGTM!

@bensternthal
Copy link
Contributor Author

Example dashboard from nearform https://nearform.github.io/osscheck/

This was referenced Sep 8, 2023
Closed
Closed
This was referenced Sep 22, 2023
Closed
Closed
@mhdawson mhdawson mentioned this issue Oct 6, 2023
Closed
@ljharb
Copy link
Member

ljharb commented Dec 20, 2023

The dashboard is partially populated, and work to flesh it out will need to continue over future quarters.

@ljharb ljharb moved this from In Progress to Future Work in DESTF - Security Project Tracking Dec 20, 2023
@ruddermann ruddermann removed this from the Implementation Compliance & Dashboards milestone Feb 15, 2024
@ruddermann ruddermann changed the title Milestone: Compliance Report / Audits / Dashboard Created And Populated By Tier 2 Projects Compliance Report / Audits / Dashboard Created And Populated By Tier 2 Projects Feb 20, 2024
@ruddermann ruddermann moved this from Planned Work to Done in DESTF - Security Project Tracking Feb 20, 2024
@ruddermann ruddermann removed the security-destf Issues and tasks related to the German Sovereign Tech Fund label Feb 20, 2024
@ruddermann ruddermann added this to the OpenJS Priority 2 Project Security milestone Feb 20, 2024
@ruddermann
Copy link
Collaborator

This issue is being replaced in 2024 by #150

@ruddermann ruddermann added the security-destf Issues and tasks related to the German Sovereign Tech Fund label Feb 20, 2024
@ruddermann ruddermann removed the epic label Feb 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ljharb ljharb

Labels
security-destf Issues and tasks related to the German Sovereign Tech Fund
Projects
DESTF - Security Project Tracking
Status: No status
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ljharb @bensternthal @UlisesGascon @ctcpip @ruddermann