chore: sync policies, checks and checklists (#38)

github-actions[bot] · web-flow · commit bf83ac1c7601 · 2025-02-13T08:20:16.000+01:00
diff --git a/data/checklists.json b/data/checklists.json
diff --git a/data/checks.json b/data/checks.json
diff --git a/docs/checks/MFAImpersonationDefense.mdx b/docs/checks/MFAImpersonationDefense.mdx
@@ -6,11 +6,7 @@ slug: /checks/MFAImpersonationDefense
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -22,6 +18,7 @@ Use Multi Factor Authentication (MFA) methods that defend against impersonation
 ## Details
 - Default Category: user authentication
 - Default Priority Group: P1
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/66)).
 - C-SCRM: true
 - Mitre: [CWE-290](https://cwe.mitre.org/data/definitions/290.html)
 - Mitre: [CAPEC-151](https://capec.mitre.org/data/definitions/151.html)
diff --git a/docs/checks/assignCVEForKnownVulns.mdx b/docs/checks/assignCVEForKnownVulns.mdx
@@ -6,11 +6,7 @@ slug: /checks/assignCVEForKnownVulns
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_assignCVEForKnownVulns_policy` from the table `projects`
 ## Details
 - Default Category: coordinated vulnerability disclosure
 - Default Priority Group: P7
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/91)).
 - C-SCRM: true
 - Sources: [OpenSSF Best Practices Badge Passing Level (release_notes_vulns)](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.release_notes_vulns)
 
diff --git a/docs/checks/ciAndCdPipelineAsCode.mdx b/docs/checks/ciAndCdPipelineAsCode.mdx
@@ -6,11 +6,7 @@ slug: /checks/ciAndCdPipelineAsCode
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_ciAndCdPipelineAsCode_policy` from the table `projects` t
 ## Details
 - Default Category: source control
 - Default Priority Group: P12
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/108)).
 - C-SCRM: true
 - Sources: [CNCF SSCP 1.0 #158](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/sscsp.md#build-and-related-continuous-integrationcontinuous-delivery-steps-should-all-be-automated-through-a-pipeline-defined-as-code)
 - How To: [Github Docs](https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages)
diff --git a/docs/checks/consistentBuildProcessDocs.mdx b/docs/checks/consistentBuildProcessDocs.mdx
@@ -6,11 +6,7 @@ slug: /checks/consistentBuildProcessDocs
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_consistentBuildProcessDocs_policy` from the table `projec
 ## Details
 - Default Category: github workflows
 - Default Priority Group: P12
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/105)).
 - C-SCRM: true
 - Mitre: [CWE-1068](https://cwe.mitre.org/data/definitions/1068.html)
 
diff --git a/docs/checks/defineFunctionalRoles.mdx b/docs/checks/defineFunctionalRoles.mdx
@@ -6,11 +6,7 @@ slug: /checks/defineFunctionalRoles
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -27,6 +23,7 @@ We use the column `has_defineFunctionalRoles_policy` from the table `projects` t
 ## Details
 - Default Category: user account permissions
 - Default Priority Group: P4
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/77)).
 - C-SCRM: true
 - Mitre: [CAPEC-122](https://capec.mitre.org/data/definitions/122.html)
 - Mitre: [M1018](https://attack.mitre.org/mitigations/M1018/)
diff --git a/docs/checks/identifyModifiedDependencies.mdx b/docs/checks/identifyModifiedDependencies.mdx
@@ -6,11 +6,7 @@ slug: /checks/identifyModifiedDependencies
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_identifyModifiedDependencies_policy` from the table `proj
 ## Details
 - Default Category: dependency inventory
 - Default Priority Group: P14
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/111)).
 - C-SCRM: true
 - Sources: [OWASP SCVS L2 6.5](https://scvs.owasp.org/scvs/v6-pedigree-and-provenance/)
 
diff --git a/docs/checks/incidentResponsePlan.mdx b/docs/checks/incidentResponsePlan.mdx
@@ -6,11 +6,7 @@ slug: /checks/incidentResponsePlan
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_incidentResponsePlan_policy` from the table `projects` to
 ## Details
 - Default Category: coordinated vulnerability disclosure
 - Default Priority Group: P7
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/90)).
 - C-SCRM: false
 - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/#operations)
 
diff --git a/docs/checks/includeCVEInReleaseNotes.mdx b/docs/checks/includeCVEInReleaseNotes.mdx
@@ -6,11 +6,7 @@ slug: /checks/includeCVEInReleaseNotes
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -22,6 +18,7 @@ Ensure release notes include the CVE ID for patched security vulnerabilities
 ## Details
 - Default Category: coordinated vulnerability disclosure
 - Default Priority Group: P7
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/92)).
 - C-SCRM: false
 - Sources: [OpenSSF Best Practices Badge Passing Level (release_notes_vulns)](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.release_notes_vulns)
 
diff --git a/docs/checks/machineReadableDependencies.mdx b/docs/checks/machineReadableDependencies.mdx
@@ -6,11 +6,7 @@ slug: /checks/machineReadableDependencies
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_machineReadableDependencies_policy` from the table `proje
 ## Details
 - Default Category: dependency inventory
 - Default Priority Group: P14
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/110)).
 - C-SCRM: true
 - Sources: [OWASP SCVS L1 1.3](https://scvs.owasp.org/scvs/v1-inventory/#verification-requirements)
 - Sources: [OpenSSF Best Practices Badge Silver Level (external_dependencies)](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#1.external_dependencies://scvs.owasp.org/scvs/v1-inventory/#verification-requirements)
diff --git a/docs/checks/npmOrgMFA.mdx b/docs/checks/npmOrgMFA.mdx
@@ -6,11 +6,7 @@ slug: /checks/npmOrgMFA
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_npmOrgMFA_policy` from the table `projects` to calculate
 ## Details
 - Default Category: user authentication
 - Default Priority Group: P1
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/64)).
 - C-SCRM: true
 - Mitre: [CWE-308](https://cwe.mitre.org/data/definitions/308.html)
 - Mitre: [M1032](https://attack.mitre.org/mitigations/M1032/)
diff --git a/docs/checks/npmPublicationMFA.mdx b/docs/checks/npmPublicationMFA.mdx
@@ -6,11 +6,7 @@ slug: /checks/npmPublicationMFA
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_npmPublicationMFA_policy` from the table `projects` to ca
 ## Details
 - Default Category: service authentication
 - Default Priority Group: P3
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/72)).
 - C-SCRM: true
 - Mitre: [CWE-308](https://cwe.mitre.org/data/definitions/308.html)
 - Sources: [npm Docs](https://docs.npmjs.com/creating-and-viewing-access-tokens)
diff --git a/docs/checks/orgToolingMFA.mdx b/docs/checks/orgToolingMFA.mdx
@@ -6,11 +6,7 @@ slug: /checks/orgToolingMFA
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_orgToolingMFA_policy` from the table `projects` to calcul
 ## Details
 - Default Category: user authentication
 - Default Priority Group: P1
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/65)).
 - C-SCRM: false
 - Mitre: [CWE-308](https://cwe.mitre.org/data/definitions/308.html)
 - Mitre: [M1032](https://attack.mitre.org/mitigations/M1032/)
diff --git a/docs/checks/regressionTestsForVulns.mdx b/docs/checks/regressionTestsForVulns.mdx
@@ -6,11 +6,7 @@ slug: /checks/regressionTestsForVulns
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_regressionTestsForVulns_policy` from the table `projects`
 ## Details
 - Default Category: code quality
 - Default Priority Group: P8
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/93)).
 - C-SCRM: false
 - Sources: [OpenSSF Best Practices Badge Silver Level (regression_tests_added50)](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#1.regression_tests_added50)
 
diff --git a/docs/checks/securityMdMeetsOpenJSCVD.mdx b/docs/checks/securityMdMeetsOpenJSCVD.mdx
@@ -6,11 +6,7 @@ slug: /checks/securityMdMeetsOpenJSCVD
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_securityMdMeetsOpenJSCVD_policy` from the table `projects
 ## Details
 - Default Category: coordinated vulnerability disclosure
 - Default Priority Group: P7
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/87)).
 - C-SCRM: false
 - Sources: [OpenSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#security-policy)
 - Sources: [OpenSSF Best Practices Badge Silver Level (vulnerability_response_process)](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#1.vulnerability_response_process)
diff --git a/docs/checks/softwareArchitectureDocs.mdx b/docs/checks/softwareArchitectureDocs.mdx
@@ -6,11 +6,7 @@ slug: /checks/softwareArchitectureDocs
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_softwareArchitectureDocs_policy` from the table `projects
 ## Details
 - Default Category: code review
 - Default Priority Group: P12
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/107)).
 - C-SCRM: false
 - Mitre: [CWE-1053](https://cwe.mitre.org/data/definitions/1053.html)
 - Sources: [OpenSSF Best Practices Badge Silver Level (documentation_architecture)](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#1.documentation_architecture)
diff --git a/docs/checks/upgradePathDocs.mdx b/docs/checks/upgradePathDocs.mdx
@@ -6,11 +6,7 @@ slug: /checks/upgradePathDocs
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -27,6 +23,7 @@ We use the column `has_upgradePathDocs_policy` from the table `projects` to calc
 ## Details
 - Default Category: vulnerability management
 - Default Priority Group: P12
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/106)).
 - C-SCRM: true
 - Sources: [OpenSSF Best Practices Badge Silver Level (maintenance_or_update)](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#1.maintenance_or_update)
 
diff --git a/docs/checks/useCVDToolForVulns.mdx b/docs/checks/useCVDToolForVulns.mdx
@@ -6,11 +6,7 @@ slug: /checks/useCVDToolForVulns
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -26,6 +22,7 @@ We use the column `has_useCVDToolForVulns_policy` from the table `projects` to c
 ## Details
 - Default Category: coordinated vulnerability disclosure
 - Default Priority Group: P7
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/88)).
 - C-SCRM: false
 - Sources: [OpenSSF Best Practices Badge Passing Level (vulnerability_report_private)](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.vulnerability_report_private)
 - How To: [Github Docs](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization)
diff --git a/docs/checks/vulnResponse14Days.mdx b/docs/checks/vulnResponse14Days.mdx
@@ -6,11 +6,7 @@ slug: /checks/vulnResponse14Days
 ---
 
 <!-- BANNER:START -->
-:::tip
 
-This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
-
-:::
 <!-- BANNER:END -->
 
 <!-- DESCRIPTION:START -->
@@ -22,6 +18,7 @@ Ensure all external vulnerability reports are addressed within 14 days
 ## Details
 - Default Category: coordinated vulnerability disclosure
 - Default Priority Group: P7
+- Implementation Details: It is manual ([details](https://github.com/OpenPathfinder/visionBoard/issues/89)).
 - C-SCRM: false
 - Sources: [OpenSSF Best Practices Badge Passing Level (vulnerability_report_response)](https://www.bestpractices.dev/en/criteria#0.vulnerability_report_response)
 
