Add Security Insights File #14438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Closed

maennchen wants to merge 1 commit into elixir-lang:main from maennchen:jm/security_insights

Member

maennchen commented Apr 15, 2025

Changes

Implements a Security Insights File. See: https://github.com/ossf/security-insights-spec

Advantages

This allows scanners to automatically retrieve information mostly stored in text at the moment.
This allows to formally declare any certifications we do like OpenChain, Best Practices Badge and any possible future ones.
This allows to specify any identification (like Purl) to installations of elixir.

TODO

Set dates before merging
Correct Admin List
(optional) Member Details - We can also extend info with affiliation, email and social if you'd like to do so: https://github.com/ossf/security-insights-spec/blob/main/specification/aliases.md#contact
Decide whether to include externally managed Purls.


          Add Security Insights File

ff1aa91

Member Author

maennchen commented Apr 15, 2025

Deferred until required by attestations like Baseline.

maennchen closed this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet