Is your feature request related to a problem? Please describe.
The project has an opportunity to advance its security posture through the adoption of some community recommendations and security best practices.
Describe the solution you'd like
I'd like to see the project adopt the following in pursuit of improving the security of the project and improving the project's communication of its security posture:
- Improve the security tooling used within the project by introducing:
  - automated dependency management configuration for Dependabot
  - SCA and SAST security scans during pre-commit and CI pipelines
  - gitleaks integration in pre-commit
- Assess the project against guidance from the OpenSSF's OSPS Baseline and publish the results of the assessment
- Maintain a security-insights.yml conforming to the OpenSSF's Security Insights spec that provides a machine-readable description of the project's security practices
- Publish a security policy. A simple example that may work for the project can be found in https://github.com/ossf/security-insights/security/policy
Describe alternatives you've considered
None
Additional context
I'm filing this issue with the intent to contribute the majority, if not the totality, of these suggested changes.
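As an added illustration of the first two tooling items (gitleaks in pre-commit, and a Dependabot configuration), not configuration taken from the issue or from the project: two small files shown in one block, separated by a YAML document marker and labelled with their intended paths. The pinned gitleaks `rev` and the choice of the `github-actions` ecosystem are assumptions to be adjusted for the project.

```yaml
# .pre-commit-config.yaml  (illustrative; not the project's current config)
# Runs gitleaks on staged changes at commit time so secrets are rejected
# before they ever reach the repository history.
# The rev below is an assumption; pin to the latest gitleaks release when adopting.
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.4
    hooks:
      - id: gitleaks
---
# .github/dependabot.yml  (illustrative; not the project's current config)
# Keeps the actions used by the CI pipeline on maintained versions with weekly PRs.
# Add a second entry for the project's package ecosystem (for example "pip", "npm"
# or "gomod") once that is settled; the ecosystem here is an assumption.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Once the first file is in place, `pre-commit install` registers the hook locally and `pre-commit run --all-files` scans the existing tree; running the same command in CI ensures contributors who skip the local hook are still covered.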