Define SCA finding threshold for remediation #488

@taladrane

Description

Address OSPS-VM-05.01 baseline requirement.

Requirement: While active, the project documentation MUST include a policy that defines a threshold for remediation of SCA findings related to vulnerabilities and licenses.

Recommendation: Document a policy in the project that defines a threshold for remediation of SCA findings related to vulnerabilities and licenses. Include the process for identifying, prioritizing, and remediating these findings.

Control applies to: Maturity Level 3

https://baseline.openssf.org/versions/2025-10-10#osps-vm-0501

Metadata

Assignees

No one assigned

Labels

security baseline (https://github.com/ossf/tac/blob/main/process/security_baseline.md)