Add links to Minder rule types. #157
Force-pushed from df97f67 to 304aa46.
* Adding Regulatory crosswalk mappings to QA category items

Adding Regulatory crosswalk mappings to QA category items

Signed-off-by: CRob <[email protected]>

* Update baseline/OSPS-QA.yaml

Signed-off-by: Eddie Knight <[email protected]>

Signed-off-by: CRob <[email protected]>
Signed-off-by: Eddie Knight <[email protected]>
Co-authored-by: Eddie Knight <[email protected]>
Signed-off-by: Teodor Yanev <[email protected]>

Try to make it better match the original intent.

Fixes ossf#63

Signed-off-by: Ben Cotton <[email protected]>
Signed-off-by: Eddie Knight <[email protected]>
Co-authored-by: Eddie Knight <[email protected]>
Signed-off-by: Teodor Yanev <[email protected]>
baseline 1; first batch Signed-off-by: Teodor Yanev <[email protected]>
Signed-off-by: Teodor Yanev <[email protected]>
Signed-off-by: Teodor Yanev <[email protected]>
Force-pushed from c35a52c to 757f946.
I believe when we removed the scorecard values we decided against hard-coupling to other projects, is that right @SecurityCRob? Now that I think about it, I'm not sure whether that's applicable to security insights as well.
We discussed this briefly in the call today. In general, I support and want to capture this type of information and share with consumers of Baseline. I think the final form will morph perhaps, but I'm fine accepting this so that we get the links/data and we can shuffle the content to its final home as we decide how we want to represent things like Scorecard, Minder, etc.
As mentioned in the call, we should see about versioning these Minder rules in alignment with the baseline calver versions.
This change adds links to existing Minder rule types that implement Baseline checks.
Note: OSPS-DO-01 and OSPS-DO-02 are no longer included under any of the levels of the security baselines.
Update: Seems like the two rules above have changed their governance criteria as part of https://github.com/ossf/security-baseline/pull/130/files.
I will be addressing this separately and adding them in the next batch of rules that we link to Minder -- this will include moving and renaming the files and then updating the yamls again.