Document policy to address SCA violations prior to release #489
Description
Address OSPS-VM-05.02 baseline requirement.
Requirement: While active, the project documentation MUST include a policy to address SCA violations prior to any release.
Recommendation: Document a policy in the project to address applicable Software Composition Analysis results before any release, and add status checks that verify compliance with that policy prior to release.
Control applies to: Maturity Level 3
https://baseline.openssf.org/versions/2025-10-10#osps-vm-0502