* Adding Regulatory crosswalk mappings to QA category items

  Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>

* Update baseline/OSPS-QA.yaml

  Signed-off-by: Eddie Knight <knight@linux.com>

---------

Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com>
Signed-off-by: Eddie Knight <knight@linux.com>
Co-authored-by: Eddie Knight <knight@linux.com>
Signed-off-by: Teodor Yanev <teodor@stacklok.com>

Try to make it better match the original intent.

Fixes ossf#63

Signed-off-by: Ben Cotton <ben@kusari.dev>
Signed-off-by: Eddie Knight <knight@linux.com>
Co-authored-by: Eddie Knight <knight@linux.com>
Signed-off-by: Teodor Yanev <teodor@stacklok.com>

baseline 1; first batch

Signed-off-by: Teodor Yanev <teodor@stacklok.com>
I believe when we removed the Scorecard values we decided against hard-coupling to other projects, is that right @SecurityCRob? Now that I think about it, I'm not sure whether that's applicable to Security Insights as well.
SecurityCRob left a comment:
We discussed this briefly in the call today. In general, I support and want to capture this type of information and share it with consumers of Baseline. I think the final form will perhaps morph, but I'm fine accepting this so that we get the links/data and we can shuffle the content to its final home as we decide how we want to represent things like Scorecard, Minder, etc.
As mentioned in the call, we should see about versioning these Minder rules in alignment with the Baseline calver versions.
Hey team, I'm going to close this PR as part of the decision logged in #189. This corresponds to #190, which will remove all references to Security Insights. For the sake of posterity — as a maintainer of Security Insights, I was originally quite optimistic about adding references to implementations, and I'm empathetic to the work that was done in this PR ✊
This change adds links to existing Minder rule types that implement Baseline checks.

Note: OSPS-DO-01 and OSPS-DO-02 are no longer included under any of the levels of the security baseline.

Update: It seems the two rules above have changed their governance criteria as part of https://github.com/ossf/security-baseline/pull/130/files

I will be addressing this separately and adding them in the next batch of rules that we link to Minder. This will include moving and renaming the files and then updating the YAML files again.