Merge pull request #10 from OpenPathfinder/feat/feedback

Author: UlisesGascon

docs/checks/MFAImpersonationDefense.mdx

@@ -5,6 +5,14 @@ title: Use MFA against impersonation
 slug: /checks/MFAImpersonationDefense
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: expected
@@ -19,12 +27,10 @@ Use Multi Factor Authentication (MFA) Methods that Defend Against Impersonation
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: P1
 - Mitre: [CWE-290](https://cwe.mitre.org/data/definitions/290.html)
 - Sources: [OpenSSF Best Practices Badge Gold Level [secure_2FA]](https://www.bestpractices.dev/en/criteria/2#2.secure_2FA)
 - How To: [Github Docs](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/PRsBeforeMerge.mdx

@@ -5,6 +5,14 @@ title: Require Pull Requests Before Merging
 slug: /checks/PRsBeforeMerge
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: recommended
@@ -19,12 +27,10 @@ Require Pull Requests before Merging
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: R4
 - Mitre: [CWE-778](https://cwe.mitre.org/data/definitions/778.html)
 - Sources: [OpenSSF Scorecard](https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection)
 - How To: [Github Docs](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-pull-request-reviews-before-merging)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/SSHKeysRequired.mdx

@@ -5,6 +5,14 @@ title: Use SSH Keys with Passphrases for Repository Access
 slug: /checks/SSHKeysRequired
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: expected
@@ -19,12 +27,10 @@ Use SSH keys for developer access to source code repositories and use a passphra
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: P3
 - Mitre: [CWE-309](https://cwe.mitre.org/data/definitions/309.html)
 - Sources: [CNCF SSCP v1.0 #192](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/sscsp.md#use-ssh-keys-to-provide-developers-access-to-source-code-repositories)
 - How To: [Github Docs](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/about-ssh)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/activeAdminsSixMonths.mdx

@@ -5,6 +5,14 @@ title: Require Active Admins in GitHub Org (Activity in 6 Months)
 slug: /checks/activeAdminsSixMonths
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: recommended
@@ -19,11 +27,9 @@ Github Organization Admins Should Have Activity In The Last 6 Months
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: R3
 - Mitre: [M1026](https://attack.mitre.org/mitigations/M1026/)
 - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/member/stale_admin_found.html)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/activeWritersSixMonths.mdx

@@ -5,6 +5,14 @@ title: Require Active Members with Write Access (Activity in 6 Months)
 slug: /checks/activeWritersSixMonths
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: recommended
@@ -19,11 +27,9 @@ Github Organization Members with Write Permissions Should Have Activity In The L
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: R3
 - Mitre: [M1026](https://attack.mitre.org/mitigations/M1026/)
 - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/member/stale_member_found.html)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/adminRepoCreationOnly.mdx

@@ -5,6 +5,14 @@ title: Allow Only Admins to Create Public Repositories
 slug: /checks/adminRepoCreationOnly
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: expected
@@ -19,12 +27,10 @@ Only Admins Should Be Able To Create Public Repositories
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: P4
 - Mitre: [CAPEC-122](https://capec.mitre.org/data/definitions/122.html)
 - Sources: [OpenSSF SCM Best Practices](https://best.openssf.org/SCM-BestPractices/github/organization/non_admins_can_create_public_repositories.html)
 - How To: [Github Docs](https://docs.github.com/en/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/annualDependencyRefresh.mdx

@@ -5,6 +5,14 @@ title: Refresh Dependencies with Annual Releases
 slug: /checks/annualDependencyRefresh
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: expected
@@ -19,10 +27,8 @@ A new release to refresh dependencies occurs at least annually
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: P14
 - Sources: [OpenSSF Best Practices Badge Passing Level [maintained]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.maintained)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/assignCVEForKnownVulns.mdx

@@ -5,6 +5,14 @@ title: Assign CVEs to All Known Security Vulnerabilities
 slug: /checks/assignCVEForKnownVulns
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: expected
@@ -19,10 +27,8 @@ All Known Security Vulnerabilities are Issued a CVE
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: P7
 - Sources: [OpenSSF Best Practices Badge Passing Level [release_notes_vulns]](https://www.bestpractices.dev/en/criteria?details=true&rationale=true#0.release_notes_vulns)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/automateDependencyManagement.mdx

@@ -5,6 +5,14 @@ title: Automate Monitoring of Outdated Dependencies
 slug: /checks/automateDependencyManagement
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: expected
@@ -19,11 +27,9 @@ Automated Process is Used to Monitor for and Maintain a List of Out of Date Depe
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: P14
 - Sources: [OWASP SCVS L1 5.7](https://scvs.owasp.org/scvs/v5-component-analysis/)
 - How To: [Socket.Dev](https://socket.dev/)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->

docs/checks/automateVulnDetection.mdx

@@ -5,6 +5,14 @@ title: Automate Dependency Vulnerability Identification
 slug: /checks/automateVulnDetection
 ---
 
+<!-- BANNER:START -->
+:::tip
+
+This check is currently under development and not yet implemented. [Click here to learn how you can help](/contribute).
+
+:::
+<!-- BANNER:END -->
+
 ## Use Case
 <!-- LEVELS:START -->
 - Incubating: expected
@@ -19,12 +27,10 @@ An automated process to identify dependencies with publicly disclosed vulnerabil
 
 <!-- DETAILS:START -->
 ## Details
-- Implementation Status: pending
 - C-SCRM: true
 - Priority Group: P6
 - Mitre: [CWE-1395](https://cwe.mitre.org/data/definitions/1395.html)
 - Sources: [OWASP SCVS L1 5.4](https://scvs.owasp.org/scvs/v5-component-analysis/)
 - How To: [Github Docs](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#managing-dependabot-security-updates-for-your-repositories)
-- Created at 2024-12-22T05:21:43.514Z
-- Updated at 2024-12-22T05:21:43.514Z
+
 <!-- DETAILS:END -->